General
-
Target
59a1ffbe89d8bc07dd149159ed01c65254f8940f9fa39bf30cb8b76b6b2e72ebN
-
Size
602KB
-
Sample
241106-1vba7axqdx
-
MD5
d069ab75e9b28f7bdd02e0f3d0cc5ab0
-
SHA1
9c6eb8752783f808903b7fbac3fd47bc96554c84
-
SHA256
59a1ffbe89d8bc07dd149159ed01c65254f8940f9fa39bf30cb8b76b6b2e72eb
-
SHA512
765392440ff7c836652d4a963038af2a350a61b33375167c9f9c76793e79b37e2adc3af847dd4ac72c7950f590daa17e93b3ac57f17d9d809e988d5e406ca42a
-
SSDEEP
12288:Dy906ssfA446ETlvQ10HZWoDRxoVVz6Noc9cAPcJkUwH:Dy3ssfA2caeZxoVhGgkn
Malware Config
Targets
-
-
Target
59a1ffbe89d8bc07dd149159ed01c65254f8940f9fa39bf30cb8b76b6b2e72ebN
-
Size
602KB
-
MD5
d069ab75e9b28f7bdd02e0f3d0cc5ab0
-
SHA1
9c6eb8752783f808903b7fbac3fd47bc96554c84
-
SHA256
59a1ffbe89d8bc07dd149159ed01c65254f8940f9fa39bf30cb8b76b6b2e72eb
-
SHA512
765392440ff7c836652d4a963038af2a350a61b33375167c9f9c76793e79b37e2adc3af847dd4ac72c7950f590daa17e93b3ac57f17d9d809e988d5e406ca42a
-
SSDEEP
12288:Dy906ssfA446ETlvQ10HZWoDRxoVVz6Noc9cAPcJkUwH:Dy3ssfA2caeZxoVhGgkn
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Luminosity
Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
-
Luminosity family
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1