General

  • Target

    99209E1F30A833E0C7654FCC0AA2C9C5.exe

  • Size

    4.7MB

  • Sample

    241221-k6rvbaxkaw

  • MD5

    99209e1f30a833e0c7654fcc0aa2c9c5

  • SHA1

    75ac3347aae0a9dc3520ce0d31ca6ee2c7f4bbe5

  • SHA256

    4cb5fdd185102520c29c5975190f67567eeffaa42dc3692ee0cc9595b8a07e20

  • SHA512

    abd6cac229ffac33e6ec887e41b041c4e02a5da1a054c474549657dfda326afbfd127c435f796d2945b0eb1d9586599936d0ddae339845dd43a91610c5baaa5b

  • SSDEEP

    12288:egY1Cj1eUAM2X3bV+rrmDl5/NJoBh3fVFycj3eI8HnR80p0C2jGJBHAfVDS3E6t1:elMednbV+rrmlzM6AOhujGJBKKE6t1

Malware Config

Targets

    • Target

      99209E1F30A833E0C7654FCC0AA2C9C5.exe

    • Size

      4.7MB

    • MD5

      99209e1f30a833e0c7654fcc0aa2c9c5

    • SHA1

      75ac3347aae0a9dc3520ce0d31ca6ee2c7f4bbe5

    • SHA256

      4cb5fdd185102520c29c5975190f67567eeffaa42dc3692ee0cc9595b8a07e20

    • SHA512

      abd6cac229ffac33e6ec887e41b041c4e02a5da1a054c474549657dfda326afbfd127c435f796d2945b0eb1d9586599936d0ddae339845dd43a91610c5baaa5b

    • SSDEEP

      12288:egY1Cj1eUAM2X3bV+rrmDl5/NJoBh3fVFycj3eI8HnR80p0C2jGJBHAfVDS3E6t1:elMednbV+rrmlzM6AOhujGJBKKE6t1

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Dcrat family

    • DCRat payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks