General
Target: 44fd9e5ee2d3c3ecb579fe1b194eedaa1d0fc872dfdf76ffa62ace20050fcdaf
Size: 1.3MB
Sample: 221031-1wwnhsdec2
MD5: 5f368e4be1493c3394c093c4efbcf4a6
SHA1: 519a64192320ee05a1177e10fbdc551350ec4792
SHA256: 44fd9e5ee2d3c3ecb579fe1b194eedaa1d0fc872dfdf76ffa62ace20050fcdaf
SHA512: be1086d83f6cfa9dfa5289cd8fe6daba7839bdef32c641d9b2e1901da21090d02bc32a2e8d7fa2c7bd9d8305c4795f7ead32a9dae79aa3a60db9f982d281045b
SSDEEP: 24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Behavioral task: behavioral1
Sample: 44fd9e5ee2d3c3ecb579fe1b194eedaa1d0fc872dfdf76ffa62ace20050fcdaf.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target
44fd9e5ee2d3c3ecb579fe1b194eedaa1d0fc872dfdf76ffa62ace20050fcdaf
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Executes dropped EXE

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Legitimate hosting services abused for malware hosting/C2