General
-
Target
08fc1733699f4d233399ebd5f298a235.exe
-
Size
2.6MB
-
Sample
220925-g1gklseghm
-
MD5
08fc1733699f4d233399ebd5f298a235
-
SHA1
0f7ee90a93298a5f8cad49d42e65c82e832baad3
-
SHA256
a966d6260a8f2b77aa46f87821420e1364eced43f0bf0124aeeecd13e92cfbd3
-
SHA512
35d38601bc65e28cf9b40d73eda02531f2f43e88ebafdc60d2bbef561dd4c7e49105bf355b4dfcd4e059f9943653ee97dfed7d890d395fc2856f08588557b0c3
-
SSDEEP
49152:dpTn80rAHkSrvT7yEBpojAGw3fo+5D0gRbfGNW8UlbSpDCP2XF:dZpktrvTOqp2Nw3L0gRbfGI8sepeu1
Behavioral task
behavioral1
Sample
08fc1733699f4d233399ebd5f298a235.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
08fc1733699f4d233399ebd5f298a235.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
08fc1733699f4d233399ebd5f298a235.exe
-
Size
2.6MB
-
MD5
08fc1733699f4d233399ebd5f298a235
-
SHA1
0f7ee90a93298a5f8cad49d42e65c82e832baad3
-
SHA256
a966d6260a8f2b77aa46f87821420e1364eced43f0bf0124aeeecd13e92cfbd3
-
SHA512
35d38601bc65e28cf9b40d73eda02531f2f43e88ebafdc60d2bbef561dd4c7e49105bf355b4dfcd4e059f9943653ee97dfed7d890d395fc2856f08588557b0c3
-
SSDEEP
49152:dpTn80rAHkSrvT7yEBpojAGw3fo+5D0gRbfGNW8UlbSpDCP2XF:dZpktrvTOqp2Nw3L0gRbfGI8sepeu1
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-