General

  • Target

    7a2a16cd9673a747cce1246193609d566e610beead345dbc838e5ebda15a318a.exe

  • Size

    3.8MB

  • Sample

    241027-c15vzs1jdv

  • MD5

    c9e9ee7477dd04ce2017fc1402f5461c

  • SHA1

    22154f137d253bfe5e135859c9a26778a64391fc

  • SHA256

    7a2a16cd9673a747cce1246193609d566e610beead345dbc838e5ebda15a318a

  • SHA512

    67339aea037be21b8f043d0ff84bbb6013de59bd435a9945837a983001d44a804ae864fbf68695d52829681634d4a903debc5ebbb8b8e6f7770ee6ab923616b8

  • SSDEEP

    98304:ytU7z9qNUzrsxu3CFZZK8USGlV8ajG1SN6QSi:y0zgQyFavJlQ1ScQf

Malware Config

Targets

    • Target

      7a2a16cd9673a747cce1246193609d566e610beead345dbc838e5ebda15a318a.exe

    • Size

      3.8MB

    • MD5

      c9e9ee7477dd04ce2017fc1402f5461c

    • SHA1

      22154f137d253bfe5e135859c9a26778a64391fc

    • SHA256

      7a2a16cd9673a747cce1246193609d566e610beead345dbc838e5ebda15a318a

    • SHA512

      67339aea037be21b8f043d0ff84bbb6013de59bd435a9945837a983001d44a804ae864fbf68695d52829681634d4a903debc5ebbb8b8e6f7770ee6ab923616b8

    • SSDEEP

      98304:ytU7z9qNUzrsxu3CFZZK8USGlV8ajG1SN6QSi:y0zgQyFavJlQ1ScQf

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Dcrat family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks