General
-
Target
18f5a3194d73e08d7d66b7a3b42568b3.exe
-
Size
3.1MB
-
Sample
240630-fx5btsxekq
-
MD5
18f5a3194d73e08d7d66b7a3b42568b3
-
SHA1
86d424c8a86ec2f20407f9f2db9133a0a2b314f7
-
SHA256
a8733ea13062f65d6aaeb65f8836f9c57bc3c3af7c0d04b94bd072ed2f56b1d1
-
SHA512
3f14d5b896cdba1ea41516a3c1f9b2745bd403a57bb66bf6c2016ee5dde2f2bab8560822975848f4920502a4ae94975891846d8249ab401054655482964bcb11
-
SSDEEP
49152:UbA30w1VlUYYDF62IumHbysKqLb5yHfCbShsA3z42d7U8rUc1uHToN/:UbgJWF6ymHbRzLb5ya2hsUz4c7W9K/
Behavioral task
behavioral1
Sample
18f5a3194d73e08d7d66b7a3b42568b3.exe
Resource
win7-20240220-en
Malware Config
Targets
-
-
Target
18f5a3194d73e08d7d66b7a3b42568b3.exe
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Matrix (ATT&CK v13)
Execution
Command and Scripting Interpreter (1)
PowerShell (1)
Scheduled Task/Job (1)
Scheduled Task (1)
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Scheduled Task/Job (1)
Scheduled Task (1)