General
- Target: 0139f1cbe8e37310d3992ab28e97880d.exe
- Size: 2.7MB
- Sample: 220725-hs8jssbagl
- MD5: 0139f1cbe8e37310d3992ab28e97880d
- SHA1: 8f4a45d3ccf6be63cac0b3a4885796adb1591c44
- SHA256: eaf877b52975baa11069f182a50c1bcda8918177a35df15bc6ef3067bd1783b7
- SHA512: baba23dea6c2ecdc14294c409f86928e5d833c959629f9e7fd8c4262b77560b8a5ba82c897552c5e46ec6feae3f6bda8cc1f28709e83f47e9d95834255572376
Behavioral task: behavioral1
- Sample: 0139f1cbe8e37310d3992ab28e97880d.exe
- Resource: win7-20220715-en
Malware Config
Targets
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL