General
-
Target
60f6c911f8b8f9579e3958699dcb7fb91ade66f3a9bdd435632c6d18006002c2.exe
-
Size
2.7MB
-
Sample
250118-e2z28sspds
-
MD5
d1793da857eca536d0d06e1bdfa657ab
-
SHA1
bb07044f5867554c74063d4c9509248657322040
-
SHA256
60f6c911f8b8f9579e3958699dcb7fb91ade66f3a9bdd435632c6d18006002c2
-
SHA512
8d35eab524e898a14e17185c64e092c56e310f15e3cd2e0bfd533b15c55b78078dfc2dbaeba3d3a5027a96967fca11cf3c60a4fb859e5ecee28addda04238e4b
-
SSDEEP
49152:yqyJUSQelMhlk1w19BlUobhENGZXxRWi0UAuqYqqnc:PyJlQgGk1wPko1oO30UA7Yqq
Behavioral task
behavioral1
Sample
60f6c911f8b8f9579e3958699dcb7fb91ade66f3a9bdd435632c6d18006002c2.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
60f6c911f8b8f9579e3958699dcb7fb91ade66f3a9bdd435632c6d18006002c2.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
60f6c911f8b8f9579e3958699dcb7fb91ade66f3a9bdd435632c6d18006002c2.exe
-
Size
2.7MB
-
MD5
d1793da857eca536d0d06e1bdfa657ab
-
SHA1
bb07044f5867554c74063d4c9509248657322040
-
SHA256
60f6c911f8b8f9579e3958699dcb7fb91ade66f3a9bdd435632c6d18006002c2
-
SHA512
8d35eab524e898a14e17185c64e092c56e310f15e3cd2e0bfd533b15c55b78078dfc2dbaeba3d3a5027a96967fca11cf3c60a4fb859e5ecee28addda04238e4b
-
SSDEEP
49152:yqyJUSQelMhlk1w19BlUobhENGZXxRWi0UAuqYqqnc:PyJlQgGk1wPko1oO30UA7Yqq
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Scheduled Task/Job
1Scheduled Task
1