General
- Target: 403138422d8da9fdd31fe147959a1403.bin
- Size: 1.7MB
- Sample: 241230-blpd1sspgs
- MD5: 5089692e32a47ee03e7105182585ec87
- SHA1: 1c833598f1c80f5328cfeb972086a5a647fb6eac
- SHA256: fb4541149243c253e9029a1f33c4e915933aee220954a8e8c1982f9ca2522327
- SHA512: 41500d001d48130b59c9bfa9b6c89a521dc0b6bbc86c6ec2bd96a698bbbc4007371411631cb2c17174813ee5b8e6243c8401ceecc5b9fc16299e694588bfc356
- SSDEEP: 49152:X7h1UfchfFq/R+LaSdd0nHbcDHi/xVjzj5gvFZYJ4:dRPndG7e2njR4
Static task: static1
Behavioral task: behavioral1
- Sample: 4b1a5d38d7741fea74f2cf45d5b215955ba9fe117d6f6a0e7ecbef64118c449b.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Target: 4b1a5d38d7741fea74f2cf45d5b215955ba9fe117d6f6a0e7ecbef64118c449b.exe
- Size: 2.2MB
- MD5: 403138422d8da9fdd31fe147959a1403
- SHA1: 913139b08964bc2039eeeea9f491c5c8507b7dcc
- SHA256: 4b1a5d38d7741fea74f2cf45d5b215955ba9fe117d6f6a0e7ecbef64118c449b
- SHA512: 3aec241bc828aa7878a632e9e44e3c7daf982e4c412efc499c40e04b88d48b9c2c62e01f00b014ea57148623d022e8c96a3d240b67df5045b746c4b0198e9afb
- SSDEEP: 49152:IBJ7Zxl12Ref9smYan+7TzjNWScGYDe9eq97DUczTG:ypDzKehnMhtXY6rZYcG
- DcRat
  DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
- Dcrat family
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)