General
-
Target
17367f89a9787ad1b7a0396701caefb2.exe
-
Size
2.6MB
-
Sample
220925-en3afaedhq
-
MD5
17367f89a9787ad1b7a0396701caefb2
-
SHA1
111be9fe32a2766478b859e76c3a2c491eb740d5
-
SHA256
381dc1b9c2aa823df0808b98780252517c090e9635614ac35835cf9238082151
-
SHA512
18d3b1f345417c17f58d0d5019e0fdacbbb57d8cdfba44d21dd8c56727801e8cf677d24598af0756f02b86518711470f2657ff301fe0b3d04836c34e9e2a7283
-
SSDEEP
49152:PpTn80rAHkSrvT7yEBpojAGw3fo+5D0gRbfGNW8UlbSpDCP2XF:PZpktrvTOqp2Nw3L0gRbfGI8sepeu1
Behavioral task
behavioral1
Sample
17367f89a9787ad1b7a0396701caefb2.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
17367f89a9787ad1b7a0396701caefb2.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
17367f89a9787ad1b7a0396701caefb2.exe
-
Size
2.6MB
-
MD5
17367f89a9787ad1b7a0396701caefb2
-
SHA1
111be9fe32a2766478b859e76c3a2c491eb740d5
-
SHA256
381dc1b9c2aa823df0808b98780252517c090e9635614ac35835cf9238082151
-
SHA512
18d3b1f345417c17f58d0d5019e0fdacbbb57d8cdfba44d21dd8c56727801e8cf677d24598af0756f02b86518711470f2657ff301fe0b3d04836c34e9e2a7283
-
SSDEEP
49152:PpTn80rAHkSrvT7yEBpojAGw3fo+5D0gRbfGNW8UlbSpDCP2XF:PZpktrvTOqp2Nw3L0gRbfGI8sepeu1
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-