General
-
Target
b8b5f7e2edc5114c9554dde3723b6f6221e4ec5ae0379c7feff8e2bc7398507d.exe
-
Size
2.7MB
-
Sample
250110-djjrvsslam
-
MD5
ba65161e6e83ddc896f9a5461f93d8f1
-
SHA1
51ecdadd3f065686e9fc6394685d968215cf4029
-
SHA256
b8b5f7e2edc5114c9554dde3723b6f6221e4ec5ae0379c7feff8e2bc7398507d
-
SHA512
264f88cce23bcaa16394f7d22e443bccb5a10ba080acee2d71daaddee24f9e9b3c14435a971d52c4fbf22d83e7fed7a9eea0d55179db88096724b6e32808dacd
-
SSDEEP
49152:XRx6mfxiUnp3jfmEXD9KxZU9IaK3clnUezzuuLjaO7e:h40VJ5XQxZUyrctHNyse
Malware Config
Targets
-
-
Target
b8b5f7e2edc5114c9554dde3723b6f6221e4ec5ae0379c7feff8e2bc7398507d.exe
-
Size
2.7MB
-
MD5
ba65161e6e83ddc896f9a5461f93d8f1
-
SHA1
51ecdadd3f065686e9fc6394685d968215cf4029
-
SHA256
b8b5f7e2edc5114c9554dde3723b6f6221e4ec5ae0379c7feff8e2bc7398507d
-
SHA512
264f88cce23bcaa16394f7d22e443bccb5a10ba080acee2d71daaddee24f9e9b3c14435a971d52c4fbf22d83e7fed7a9eea0d55179db88096724b6e32808dacd
-
SSDEEP
49152:XRx6mfxiUnp3jfmEXD9KxZU9IaK3clnUezzuuLjaO7e:h40VJ5XQxZUyrctHNyse
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
UAC bypass
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Scheduled Task/Job
1Scheduled Task
1