General
-
Target
12312de68052a05888a9cf9d804cec6c.exe
-
Size
2.6MB
-
Sample
220925-ehcsladbb7
-
MD5
12312de68052a05888a9cf9d804cec6c
-
SHA1
ddae2aaadb5b462c95a768d15b9cbb8ddc97571f
-
SHA256
561c42758fa04340f8d121384f586adfe1a032e1dcdf7580e5047a7e7dc42e8c
-
SHA512
02f0c91703a50c57f7ab24b05676933d8ce102a0da608a610b6fb066dffed1a32affe6dcdccb9aeb79c1714b134ada7b2c2a9219f8d3d6ed2cf13b4fa8348630
-
SSDEEP
49152:XpTn80rAHkSrvT7yEBpojAGw3fo+5D0gRbfGNW8UlbSpDCP2XF:XZpktrvTOqp2Nw3L0gRbfGI8sepeu1
Behavioral task
behavioral1
Sample
12312de68052a05888a9cf9d804cec6c.exe
Resource
win7-20220812-en
Malware Config
Targets
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-