General
-
Target
солярка (воркает).rar
-
Size
2.6MB
-
Sample
241004-wvj6washqa
-
MD5
45fd7de7a40563e71d6f2e8ab3accc10
-
SHA1
b3f77f34507850c890789cacb0ccd0bba87d6a3c
-
SHA256
3c74eb0e0e744bed1deab78229f53f571be042fe0bfbdb31df99dabbe1ec33a1
-
SHA512
4276a959de82f67309a0624401fa315c605af6f8be40b393473fda6fefb5b3cd5444c2f5bc16f1743685595cecb8bcdcaddaa5e1ad6385ef76f5034e735dc62a
-
SSDEEP
49152:NSIWLZd0Gb+987RBstRIwekxcbTB2BuVuyZi6YX2nLots1u3VonghLyQ:NfWLZd0Gai7RERIwPxC22j64LoRVYOr
Behavioral task
behavioral1
Sample
солярка (воркает)/BootstrapperV1.21.exe
Resource
win11-20240802-en
Behavioral task
behavioral2
Sample
солярка (воркает)/BootstrapperV1.21.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
солярка (воркает)/BootstrapperV1.21.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
солярка (воркает)/BootstrapperV1.21.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
солярка (воркает)/BootstrapperV1.21.exe
-
Size
3.8MB
-
MD5
d83d803d2aa210c2ea165a6ba41d755a
-
SHA1
5e9f047412addd3a3a36dfd2890c3709a6b6840d
-
SHA256
c7becefe6c1a08698fe22edd47646657e9312acf4824c7435dd4b2af46e10072
-
SHA512
d510c369c589d39114556b46f0d333165a2d22e163776cd4eb5c13d993745279c3110815013fb4fe62c5015fc94b6527ebf029ac465d2b691a74a91cbf6e75d4
-
SSDEEP
49152:wbA3jjuzRg+fejWikp35V5nqe3jCtJaOEXt/kdK9decwoGH/jHc4U:wbGqyLpQz5qeTCtwOEkw9decKU
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1