General
-
Target
013e245f2fb6199fa3e8cb4c6d19bb9f879d0804d289659ac9db9ea4157cda17
-
Size
1.3MB
-
Sample
221031-15fnnadfa3
-
MD5
9e1b9bd473dd52e0f35a1d55eb55cee8
-
SHA1
af3477a68c801b7aebb68c4aa982835f16b17855
-
SHA256
013e245f2fb6199fa3e8cb4c6d19bb9f879d0804d289659ac9db9ea4157cda17
-
SHA512
ca15eab84284b8b34fff5a68973f01f79b65d2c72f94769f34c6824c50d6e1947f06ba9caa114e85c838f479bbe4f13a79eb03b9132ee2794952b6a2e4b41b47
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
013e245f2fb6199fa3e8cb4c6d19bb9f879d0804d289659ac9db9ea4157cda17.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
Target
013e245f2fb6199fa3e8cb4c6d19bb9f879d0804d289659ac9db9ea4157cda17
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-