General
-
Target
1e3f692a00a384f021b60e1ac5e23c5c.exe
-
Size
2.6MB
-
Sample
220925-ebmdfsdag9
-
MD5
1e3f692a00a384f021b60e1ac5e23c5c
-
SHA1
b80fdeaaea1379f593314ad60d1ab9da6cf2daa1
-
SHA256
563d00ae7f20691f00834ec48e58f85519af8425e46045a03d587f3c6e42f3f6
-
SHA512
6d82fc2a4a11e5fde4c40a01101bb7f27ff1f901360359b8772f762d0ebe085d1382c43f220d0ddd6b1f76666087af33fa47de400ae1032afa4ace6c7cd2fc6c
-
SSDEEP
49152:PpTn80rAHkSrvT7yEBpojAGw3fo+5D0gRbfGNW8UlbSpDCP2XF:PZpktrvTOqp2Nw3L0gRbfGI8sepeu1
Behavioral task
behavioral1
Sample
1e3f692a00a384f021b60e1ac5e23c5c.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
1e3f692a00a384f021b60e1ac5e23c5c.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
1e3f692a00a384f021b60e1ac5e23c5c.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-