General
-
Target
0915a0d7a9f49c50d34739af3c4337de.exe
-
Size
10.0MB
-
Sample
220925-cs1ajacgh2
-
MD5
0915a0d7a9f49c50d34739af3c4337de
-
SHA1
4cb12c36ba21062be37c3f589f8d2418405b1870
-
SHA256
745289f6734583185e533aab1579ba1274150b062207d5d879d8c46a3dbc5188
-
SHA512
baf2f42afdcd409848ad106c14ea5f1f088802580de7f026bc21b407f4eeab8759892fe30d5ed59b70e8a97588b9c0f067c90ff1bb4b0c52d90ab6fefb29b8ec
-
SSDEEP
196608:YWkBzjZOGf4VlZREoSMOaV4PmnhDaEqvVVU/114/v6g:YWkhtOGfCWytB0tVU/Ng
Static task
static1
Behavioral task
behavioral1
Sample
0915a0d7a9f49c50d34739af3c4337de.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
0915a0d7a9f49c50d34739af3c4337de.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
0915a0d7a9f49c50d34739af3c4337de.exe
-
Size
10.0MB
-
MD5
0915a0d7a9f49c50d34739af3c4337de
-
SHA1
4cb12c36ba21062be37c3f589f8d2418405b1870
-
SHA256
745289f6734583185e533aab1579ba1274150b062207d5d879d8c46a3dbc5188
-
SHA512
baf2f42afdcd409848ad106c14ea5f1f088802580de7f026bc21b407f4eeab8759892fe30d5ed59b70e8a97588b9c0f067c90ff1bb4b0c52d90ab6fefb29b8ec
-
SSDEEP
196608:YWkBzjZOGf4VlZREoSMOaV4PmnhDaEqvVVU/114/v6g:YWkhtOGfCWytB0tVU/Ng
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-