General
Target: test.exe
Size: 1MB
Sample: 220521-q34ycshed2
MD5: abbb100af637fd20536e63f9ebe72eba
SHA1: 4538c638950bfdf57311f86140b9819649af1112
SHA256: f06e8c2cbfa1da33e3e08eb79315d3eb9efc6fa916184df036a581dcd6a08165
SHA512: 8b098c002c24321b8d25a867e5b7e2964e9941274e0bc9fdf42441892305a9a96abfbbda1b90e6874784021ed01d04d279f2c4a583ae719186c6429293f46004
Static task: static1
Behavioral task: behavioral1
Sample: test.exe
Resource: win7-20220414-en
Malware Config
Targets
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-