General
-
Target
FATALITYCRACK.rar
-
Size
2.7MB
-
Sample
241122-r6mnxsymfp
-
MD5
eb91852ed7ae328ed294a75c56582481
-
SHA1
7d980b6789e74998fd1b906dfb7eda7e3495a127
-
SHA256
30e973ae2b2420c2506000813d5fc3fb12c4bedc3595b00b097840b597018df9
-
SHA512
245d39ff89011ea50f42f1098c459349add3a21f8db7d55ddacfe4c812e68920b2a879144ed1845fc6623609cc5a4be7fb8537b0d007607fde289e0eedd89c78
-
SSDEEP
49152:INSopUBKz7NJ3s9WUt/py3y1VNJNwDn7Fex0P1EDsix6Uqaj:gSopzzZPG/py3ybNgDnBex01RiA2j
Static task
static1
Behavioral task
behavioral1
Sample
FATALITY/loader.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
FATALITY/loader.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
FATALITY/loader.exe
-
Size
3.2MB
-
MD5
8faa9e2bbcb1f98cb3971b94f9feda41
-
SHA1
ab03732cdbc58c752057f2dd3c39e164e222476f
-
SHA256
026825e9ca81fe52b1833a5e2c838336bc645778da89ff5c266c65c9d750a490
-
SHA512
5a660bddaf58c15503861663d018e3444c40fc9a62cc2953a60e41c78561014db4911d4f1da80f70a492d6ff912765d93e08c3c39fce921580b034dfcc47d358
-
SSDEEP
98304:fP8sZQDJ8Apc4VDuZc3PT9ejwigyEgKSkzd1kl86:cs6lrDlT9ej7UgKBLy
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Modifies WinLogon for persistence
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1