General
-
Target
ba5dc0fc7d1677527cf809bfca28e2b6.exe
-
Size
1.1MB
-
Sample
210926-sl5vfafaf8
-
MD5
ba5dc0fc7d1677527cf809bfca28e2b6
-
SHA1
df8452d50e4fa2171379bfd499132a08dd725368
-
SHA256
b1712ed2922c7af304903adfc55fc79a8a097f06b2fb98072ebfb3b44fbd3ad1
-
SHA512
dcda78f331a588286d6f5a1fc2e4ccc680a178e8bf621f20f00a4cb0973f8d67cc66535334908e97a3845664ce1ee9c619fdb06515c31939a84c9c28424a622e
Behavioral task
behavioral1
Sample
ba5dc0fc7d1677527cf809bfca28e2b6.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
ba5dc0fc7d1677527cf809bfca28e2b6.exe
Resource
win10v20210408
Malware Config
Targets
-
-
Target
ba5dc0fc7d1677527cf809bfca28e2b6.exe
-
Size
1.1MB
-
MD5
ba5dc0fc7d1677527cf809bfca28e2b6
-
SHA1
df8452d50e4fa2171379bfd499132a08dd725368
-
SHA256
b1712ed2922c7af304903adfc55fc79a8a097f06b2fb98072ebfb3b44fbd3ad1
-
SHA512
dcda78f331a588286d6f5a1fc2e4ccc680a178e8bf621f20f00a4cb0973f8d67cc66535334908e97a3845664ce1ee9c619fdb06515c31939a84c9c28424a622e
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-