General
-
Target
7a2a16cd9673a747cce1246193609d566e610beead345dbc838e5ebda15a318a.exe
-
Size
3.8MB
-
Sample
241027-c15vzs1jdv
-
MD5
c9e9ee7477dd04ce2017fc1402f5461c
-
SHA1
22154f137d253bfe5e135859c9a26778a64391fc
-
SHA256
7a2a16cd9673a747cce1246193609d566e610beead345dbc838e5ebda15a318a
-
SHA512
67339aea037be21b8f043d0ff84bbb6013de59bd435a9945837a983001d44a804ae864fbf68695d52829681634d4a903debc5ebbb8b8e6f7770ee6ab923616b8
-
SSDEEP
98304:ytU7z9qNUzrsxu3CFZZK8USGlV8ajG1SN6QSi:y0zgQyFavJlQ1ScQf
Static task
static1
Behavioral task
behavioral1
Sample
7a2a16cd9673a747cce1246193609d566e610beead345dbc838e5ebda15a318a.exe
Resource
win7-20240903-en
Malware Config
Targets
-
Target
7a2a16cd9673a747cce1246193609d566e610beead345dbc838e5ebda15a318a.exe
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Unsecured Credentials: 1
Credentials In Files: 1