General
-
Target
41e50a1065a017fa83499ed5acfdeb2c741ddf170012a51a5f407f768f6f7b33
-
Size
1.3MB
-
Sample
221031-1v56kadeb3
-
MD5
f7fd0b658eaac68037f56af9928a98cb
-
SHA1
97dd670181764e698c8ba24d0416a8533d7dd2c6
-
SHA256
41e50a1065a017fa83499ed5acfdeb2c741ddf170012a51a5f407f768f6f7b33
-
SHA512
60b99521b4fd92ababbbac91910514decbd20555b5777c94bd3100419a8715a8d0dca9a544b28aa1f54f17c06231e62fa19f56c326f260b43d9b8c5da3479dbe
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
41e50a1065a017fa83499ed5acfdeb2c741ddf170012a51a5f407f768f6f7b33.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
41e50a1065a017fa83499ed5acfdeb2c741ddf170012a51a5f407f768f6f7b33
-
Size
1.3MB
-
MD5
f7fd0b658eaac68037f56af9928a98cb
-
SHA1
97dd670181764e698c8ba24d0416a8533d7dd2c6
-
SHA256
41e50a1065a017fa83499ed5acfdeb2c741ddf170012a51a5f407f768f6f7b33
-
SHA512
60b99521b4fd92ababbbac91910514decbd20555b5777c94bd3100419a8715a8d0dca9a544b28aa1f54f17c06231e62fa19f56c326f260b43d9b8c5da3479dbe
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-