General
-
Target
40a25f4406c2c119fdbee6a530b4dbd78dfad9e98eb0ac785290997976d75d7dN.exe
-
Size
2.7MB
-
Sample
250119-rssm1sskcl
-
MD5
8e6d3e4cdb00a133fd3f33cfde6e37c0
-
SHA1
91233309e54797dac7c00a9576c38456bc14acba
-
SHA256
40a25f4406c2c119fdbee6a530b4dbd78dfad9e98eb0ac785290997976d75d7d
-
SHA512
a1604b3da2eb2dfec99ed830eaa8077e0ba2b2f66c377bf8c1bdea8e8668f2bee7fa90411fdd62f358f1be87ae58dd5e1de71a58f46428550c64262664c671a6
-
SSDEEP
49152:sqyJUSQelMhlk1w19BlUobhENGZXxRWi0UAuqYqqnc:pyJlQgGk1wPko1oO30UA7Yqq
Behavioral task
behavioral1
Sample
40a25f4406c2c119fdbee6a530b4dbd78dfad9e98eb0ac785290997976d75d7dN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
40a25f4406c2c119fdbee6a530b4dbd78dfad9e98eb0ac785290997976d75d7dN.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
40a25f4406c2c119fdbee6a530b4dbd78dfad9e98eb0ac785290997976d75d7dN.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1
Scheduled Task: 1