General
-
Target
2e4f6ab424648922f956ddbc10bcda5fc90a0f0fa52149bc8bcb7ae5ca191781
-
Size
1.3MB
-
Sample
221031-14g54aeeaj
-
MD5
cfb824eef7a06d0bad2f3679edf234a4
-
SHA1
9a6f0f77f562af8405bb51e099603a1f73c19ad0
-
SHA256
2e4f6ab424648922f956ddbc10bcda5fc90a0f0fa52149bc8bcb7ae5ca191781
-
SHA512
1fa76f0e3bdc0686c142d17d00cd4857b514e5a5d20f7c4015c07987a938404110b95ff6cdfb95f6542784e0d6531da9867327925095cfd9091c5017c66dcdc8
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
2e4f6ab424648922f956ddbc10bcda5fc90a0f0fa52149bc8bcb7ae5ca191781.exe
Resource
win10-20220812-en
Malware Config
Targets
-
-
Target
2e4f6ab424648922f956ddbc10bcda5fc90a0f0fa52149bc8bcb7ae5ca191781
-
Size
1.3MB
-
MD5
cfb824eef7a06d0bad2f3679edf234a4
-
SHA1
9a6f0f77f562af8405bb51e099603a1f73c19ad0
-
SHA256
2e4f6ab424648922f956ddbc10bcda5fc90a0f0fa52149bc8bcb7ae5ca191781
-
SHA512
1fa76f0e3bdc0686c142d17d00cd4857b514e5a5d20f7c4015c07987a938404110b95ff6cdfb95f6542784e0d6531da9867327925095cfd9091c5017c66dcdc8
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-