General
Target: 8200E9229E3BCBDE18EB0BE7E90A691E.exe
Size: 1.1MB
Sample: 210702-4gexxxz3cx
MD5: 8200e9229e3bcbde18eb0be7e90a691e
SHA1: bbe63015b898a1bdc94057e1efcd79c351897ff4
SHA256: 88771c803925c9b53a6eeedbf38e34bbb20cc6ab5861ca8789b1efbdda0cbbb2
SHA512: e0b00b71c1737eb3fc9b5f86fb2f8bc11a1e05cfa57572923736d37cbf1ef0aa6497220084503745d95d93adc78d0d66e8cdea28ed713eeee92b295b66bf7c1f
Behavioral task: behavioral1
Sample: 8200E9229E3BCBDE18EB0BE7E90A691E.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 8200E9229E3BCBDE18EB0BE7E90A691E.exe
Resource: win10v20210408
Malware Config
Targets
Target
8200E9229E3BCBDE18EB0BE7E90A691E.exe
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Drops file in System32 directory