General
-
Target
1ab16df8f4ca6da3ff749ec6b65c57ed.exe
-
Size
2.6MB
-
Sample
220924-2zjc2adfel
-
MD5
1ab16df8f4ca6da3ff749ec6b65c57ed
-
SHA1
6a86417f494f8cd839cd615a848f9c58f2c546d2
-
SHA256
b48732dd80d273baa411ef94094f19adaf0ed373bb80a6b64bb090af2b97222f
-
SHA512
68d32a440844e78d82a97fb51fec8bda440ec8821d6f548daa676ae5fa6d5fb053261b442ef92ae7f73ec8880206cc34df3e9f4920e126bb83767898418619be
-
SSDEEP
49152:+pTn80rAHkSrvT7yEBpojAGw3fo+5D0gRbfGNW8UlbSpDCP2XF:+ZpktrvTOqp2Nw3L0gRbfGI8sepeu1
Behavioral task
behavioral1
Sample
1ab16df8f4ca6da3ff749ec6b65c57ed.exe
Resource
win7-20220812-en
Malware Config
Targets
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-