General
-
Target
121e3de90abf2278d3dba0701045616a.exe
-
Size
1.6MB
-
Sample
220925-ebmdfsdah2
-
MD5
121e3de90abf2278d3dba0701045616a
-
SHA1
5f1b0812c4c62f8e84ac02cede638ea65ef15e34
-
SHA256
2b59699aca914b83391346f826e48c6f74f0208de0abdbf53773f82c35e9ff83
-
SHA512
d0eb995ffcb6bddf4b795880fb98c10eda0f440abdc41aabc46a99c6654b953921788d773168a7c63b1da51b3344979d1d9d9934154c1529ffd8653d23a33487
-
SSDEEP
49152:shNgwNHGuumlxR/uTxaMm3BMsP71Lx9N:85lDpjr9
Behavioral task
behavioral1
Sample
121e3de90abf2278d3dba0701045616a.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
121e3de90abf2278d3dba0701045616a.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
Target
121e3de90abf2278d3dba0701045616a.exe
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-