General
-
Target
68daa69f26fbc142d6b8cc8b5a1d44615e47174a80c9e54619a7bd2ccc9151ae
-
Size
1.3MB
-
Sample
221031-1vxjesedam
-
MD5
763553395a9df86d92fdc62dbfeb6a37
-
SHA1
86a98da8a1e4e713467557fa64a3639cda9dc5f2
-
SHA256
68daa69f26fbc142d6b8cc8b5a1d44615e47174a80c9e54619a7bd2ccc9151ae
-
SHA512
f0d82cfa6a3ae063fcf55801e3a4fe2bedca645b082b5441bdca4d7a7761332e7d5c8999a7d4b0fe9ba01a3f9112d9ab593b830471a11a489c0d11ee05d53dd2
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
68daa69f26fbc142d6b8cc8b5a1d44615e47174a80c9e54619a7bd2ccc9151ae.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Legitimate hosting services abused for malware hosting/C2
-