General
-
Target
3901c69b6a512e0a04191c06fa3ad1d0.exe
-
Size
315KB
-
Sample
221003-j29znagadr
-
MD5
3901c69b6a512e0a04191c06fa3ad1d0
-
SHA1
a83bde5b7bf349d2e1c561d6e2ad42b5394e0274
-
SHA256
5d3f37a7c26e9ed952646c5ad109748dbfaca5a48521a62dab7251097d0dbf16
-
SHA512
55a5c7f95418d0747bdfdf1a09d4ef622246b6371cd4f3c8a3427420aaa07336bf5c2de24b9f7513c19e0d14f475fc1a9c3f9fefc442a92e3d5af044f75dec24
-
SSDEEP
6144:37VyN3U5hGl0bHCI0AfGwrj/UAloI8LdorlE5fObRBVwCqy:3wNE5YbI0s/UXLdoa5f2BR
Behavioral task
behavioral1
Sample
3901c69b6a512e0a04191c06fa3ad1d0.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
3901c69b6a512e0a04191c06fa3ad1d0.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
3901c69b6a512e0a04191c06fa3ad1d0.exe
-
Size
315KB
-
MD5
3901c69b6a512e0a04191c06fa3ad1d0
-
SHA1
a83bde5b7bf349d2e1c561d6e2ad42b5394e0274
-
SHA256
5d3f37a7c26e9ed952646c5ad109748dbfaca5a48521a62dab7251097d0dbf16
-
SHA512
55a5c7f95418d0747bdfdf1a09d4ef622246b6371cd4f3c8a3427420aaa07336bf5c2de24b9f7513c19e0d14f475fc1a9c3f9fefc442a92e3d5af044f75dec24
-
SSDEEP
6144:37VyN3U5hGl0bHCI0AfGwrj/UAloI8LdorlE5fObRBVwCqy:3wNE5YbI0s/UXLdoa5f2BR
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-