General
-
Target
F1ACEEFBBB01466F19AC3E421082E81BF0C90E2D75866.exe
-
Size
1.5MB
-
Sample
220922-ya35csgadm
-
MD5
152fc3939962d6e1e572f00b33daf7b6
-
SHA1
25a7bebb0bdce7657fc563949befbf52021b5ea0
-
SHA256
f1aceefbbb01466f19ac3e421082e81bf0c90e2d758665bb8124b5ebf14b5743
-
SHA512
ba0700f093f904470b739363f5825b5ff7a0039dd2f70f3d2795496875bccfa5eadcb7794675d48fd437c3ced03fa454bad7e6dad7b5e9be2ef7a469433ee9e2
-
SSDEEP
24576:0crm83KQ6jF2oZkbkXu8MEG7GuR8jZBipt62ob1BKzickKhnakY:3XaJA86h7GuRIBat0BKvhX
Static task
static1
Behavioral task
behavioral1
Sample
F1ACEEFBBB01466F19AC3E421082E81BF0C90E2D75866.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
F1ACEEFBBB01466F19AC3E421082E81BF0C90E2D75866.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
F1ACEEFBBB01466F19AC3E421082E81BF0C90E2D75866.exe
-
Size
1.5MB
-
MD5
152fc3939962d6e1e572f00b33daf7b6
-
SHA1
25a7bebb0bdce7657fc563949befbf52021b5ea0
-
SHA256
f1aceefbbb01466f19ac3e421082e81bf0c90e2d758665bb8124b5ebf14b5743
-
SHA512
ba0700f093f904470b739363f5825b5ff7a0039dd2f70f3d2795496875bccfa5eadcb7794675d48fd437c3ced03fa454bad7e6dad7b5e9be2ef7a469433ee9e2
-
SSDEEP
24576:0crm83KQ6jF2oZkbkXu8MEG7GuR8jZBipt62ob1BKzickKhnakY:3XaJA86h7GuRIBat0BKvhX
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Modifies WinLogon for persistence
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-