General
-
Target
f62eff94e07ef27b446625c61c8e5aab7c9089f8057697ac9e07401e2ef63a98
-
Size
1.3MB
-
Sample
221031-147qradeh7
-
MD5
bddc7fd4a34a242fa39ee15779ba2912
-
SHA1
9338fc0d2ddc04e6587c0b6d008bbaf8e8931ceb
-
SHA256
f62eff94e07ef27b446625c61c8e5aab7c9089f8057697ac9e07401e2ef63a98
-
SHA512
7befa9c088de987046c4ebea37fb754ac2d5f2ef1c5f0284071757841ca684f3e04421c89544418f503077c4607528eaf9ff61c4c7a8d24f1ac4eed5f78bf790
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
f62eff94e07ef27b446625c61c8e5aab7c9089f8057697ac9e07401e2ef63a98.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-