General
-
Target
54172888b473f2515b13fe1e2032a112.exe
-
Size
1.2MB
-
Sample
220805-2ssywsfgcn
-
MD5
54172888b473f2515b13fe1e2032a112
-
SHA1
fc4ff4d53a1ea6cfee9265840bfc1dda0ee8c1e6
-
SHA256
05379ea4600304f51cffa8d1ee9e3b2931a69129f6bed14d45a500d966a71fca
-
SHA512
d09ce140712a46f3f94eaaf0c567ca30ce6de8b81ed8b45961cf6f4211225b43e6944dba769c212e11f836cf579932883a28d798353af9d6bd71c40e8a8f90a5
Behavioral task
behavioral1
Sample
54172888b473f2515b13fe1e2032a112.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
54172888b473f2515b13fe1e2032a112.exe
Resource
win10v2004-20220721-en
Malware Config
Targets
-
-
Target
54172888b473f2515b13fe1e2032a112.exe
-
Size
1.2MB
-
MD5
54172888b473f2515b13fe1e2032a112
-
SHA1
fc4ff4d53a1ea6cfee9265840bfc1dda0ee8c1e6
-
SHA256
05379ea4600304f51cffa8d1ee9e3b2931a69129f6bed14d45a500d966a71fca
-
SHA512
d09ce140712a46f3f94eaaf0c567ca30ce6de8b81ed8b45961cf6f4211225b43e6944dba769c212e11f836cf579932883a28d798353af9d6bd71c40e8a8f90a5
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-