General
-
Target
99209E1F30A833E0C7654FCC0AA2C9C5.exe
-
Size
4.7MB
-
Sample
241221-k6rvbaxkaw
-
MD5
99209e1f30a833e0c7654fcc0aa2c9c5
-
SHA1
75ac3347aae0a9dc3520ce0d31ca6ee2c7f4bbe5
-
SHA256
4cb5fdd185102520c29c5975190f67567eeffaa42dc3692ee0cc9595b8a07e20
-
SHA512
abd6cac229ffac33e6ec887e41b041c4e02a5da1a054c474549657dfda326afbfd127c435f796d2945b0eb1d9586599936d0ddae339845dd43a91610c5baaa5b
-
SSDEEP
12288:egY1Cj1eUAM2X3bV+rrmDl5/NJoBh3fVFycj3eI8HnR80p0C2jGJBHAfVDS3E6t1:elMednbV+rrmlzM6AOhujGJBKKE6t1
Behavioral task
behavioral1
Sample
99209E1F30A833E0C7654FCC0AA2C9C5.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
99209E1F30A833E0C7654FCC0AA2C9C5.exe
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Dcrat family
-
DCRat payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1
Credentials from Web Browsers
1
Unsecured Credentials
1
Credentials In Files
1