General

  • Target

    Crack Cheat.exe

  • Size

    3.3MB

  • Sample

    241113-qqmhjswlbl

  • MD5

    188bfbff71841426601213f21a79857f

  • SHA1

    aae3deda1b9b4ff703b7fa311ee10117b3a7b546

  • SHA256

    7007ad2f99a1da6616401648bcd0bdb00161c20d5dc2c27390214b028d9ddf84

  • SHA512

    f3495dfb14068d659824506a3278810a1dde60523218add2e530768e65473c2573263ce28c3560c5723158054051223c94ded5c00cf6389711ed02a47bb753b3

  • SSDEEP

    49152:ubA3jB65wSIehCuRt1MJh9JsZCG6eRCbKjHUMGb7JzA6LI0HM6HqyYu/K:ubr/jk9JlGr4Kj0MOm6kgkui

Targets

    • Target

      Crack Cheat.exe

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Dcrat family

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
