General
Target: 820cc4a2657103f6565b5bacf692152e3b437b263c5990d8b5786384e8f0c818N.exe
Size: 2.6MB
Sample: 241123-x89t5asmds
MD5: 70cc71e35134d51fc8146e37c5057870
SHA1: 7711b99c61a69c022aeb74bca4e8f6514bd60318
SHA256: 820cc4a2657103f6565b5bacf692152e3b437b263c5990d8b5786384e8f0c818
SHA512: 030064056bf5d8e54024c8ea0471e70719294b4fe71165bdf811789a2419b9bf3f087d2e680db96cd0874a4e2859b7676a13d6c2bb41b0e89aaebc222dde8ea5
SSDEEP: 49152:EZjcfg3kx6GhHszTNMdkdOYY/Z5K0eR/SRXtbqayyLsPZqGXkcZAo:nY0UwmOTBU5R+dbqzTB
Behavioral task: behavioral1
Sample: 820cc4a2657103f6565b5bacf692152e3b437b263c5990d8b5786384e8f0c818N.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 820cc4a2657103f6565b5bacf692152e3b437b263c5990d8b5786384e8f0c818N.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 820cc4a2657103f6565b5bacf692152e3b437b263c5990d8b5786384e8f0c818N.exe
Score: 10/10
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Dcrat family

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Scheduled Task/Job (1)
Scheduled Task (1)