General
-
Target
a8882de8915ecce9221b613dacd1d17d03259c6d36133a8c0ca2ea2a7fd678ba
-
Size
1.3MB
-
Sample
221031-1t7m1adea4
-
MD5
35cbf6c3ebd630ec4396fb18e13b864c
-
SHA1
641a686d7faebf4621d43b324bf7436ed8790321
-
SHA256
a8882de8915ecce9221b613dacd1d17d03259c6d36133a8c0ca2ea2a7fd678ba
-
SHA512
fa7f2383953d5fac75fc4eb0bf56ef9f5b81452817dfe171503dbdc0ec6cd354a07f6c81eaecf4202d0bb858ba2eb37ca6d97ddb615b4de3d7513d3e2a436d58
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
a8882de8915ecce9221b613dacd1d17d03259c6d36133a8c0ca2ea2a7fd678ba.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
a8882de8915ecce9221b613dacd1d17d03259c6d36133a8c0ca2ea2a7fd678ba
-
Size
1.3MB
-
MD5
35cbf6c3ebd630ec4396fb18e13b864c
-
SHA1
641a686d7faebf4621d43b324bf7436ed8790321
-
SHA256
a8882de8915ecce9221b613dacd1d17d03259c6d36133a8c0ca2ea2a7fd678ba
-
SHA512
fa7f2383953d5fac75fc4eb0bf56ef9f5b81452817dfe171503dbdc0ec6cd354a07f6c81eaecf4202d0bb858ba2eb37ca6d97ddb615b4de3d7513d3e2a436d58
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-