General
-
Target
7c2775abae1396ba1f1f89b91bce63a9a63bb5ee4e637197e75a22091bfffaa4
-
Size
1.3MB
-
Sample
221031-1vnxaadea8
-
MD5
e66a62df308d5063fd55cca09ebbb957
-
SHA1
d627c89cb83a41bc6fbb39f818abb5e72c6021cb
-
SHA256
7c2775abae1396ba1f1f89b91bce63a9a63bb5ee4e637197e75a22091bfffaa4
-
SHA512
62db5d037715b12bc70169eeea286c248a5a1268b972aa3bd9fb5c2e63189b4fb1abf8f9c154e0882880e0e4f4199caa4819aad2d0c973995481b5d8316596d0
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
7c2775abae1396ba1f1f89b91bce63a9a63bb5ee4e637197e75a22091bfffaa4.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
7c2775abae1396ba1f1f89b91bce63a9a63bb5ee4e637197e75a22091bfffaa4
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-