General
-
Target
EC4891EC2E1E54B6E32D1E1B3BDB5915.exe
-
Size
1.8MB
-
Sample
241030-qswh8ssraz
-
MD5
ec4891ec2e1e54b6e32d1e1b3bdb5915
-
SHA1
c30c1fad6115013e814e288a1d06d2523aec6d95
-
SHA256
44a641d0d8a75103154273f34f65999770498af9f63aa8d878f4532718860ea6
-
SHA512
3ab4c039d3cf22c55dedf8506851ec3ea221849eb4e132928eb314c67c38a650b403afc4270874c2d2c46875f1a9ec668b83f7619793ef75758bc2398b4cc7cc
-
SSDEEP
24576:juhBQp12QFQP7U9QlUrNGWsm5wtgeZBN+HE3r13P+doHExf27vH/h6kcWqnxqlM:jMWYoQlUr4M4geZ2ktP+dCEeghxql
Static task
static1
Behavioral task
behavioral1
Sample
EC4891EC2E1E54B6E32D1E1B3BDB5915.exe
Resource
win7-20240903-en
Malware Config
Targets
-
Target
EC4891EC2E1E54B6E32D1E1B3BDB5915.exe
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Unsecured Credentials: 1
Credentials In Files: 1