General
Target: dd8eb5aa9f28f0a9b934ad715b62a9cd3c6a482e7f386dab360482cad3401191
Size: 1.3MB
Sample: 221031-2phzhsdha9
MD5: 69342a34cffe872383860b1e1f5af7ac
SHA1: ac863545a3cc152f62cd7481a5a7a138cfb47cde
SHA256: dd8eb5aa9f28f0a9b934ad715b62a9cd3c6a482e7f386dab360482cad3401191
SHA512: aad9aaee13d9ed139d15e2931cedaed8eaa5af95ebd7f678352b3e421928ee1685240390db002d797fb135c62ee79532b898745b08c0d932ff453bb4dfc3c349
SSDEEP: 24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task: behavioral1
Sample: dd8eb5aa9f28f0a9b934ad715b62a9cd3c6a482e7f386dab360482cad3401191.exe
Resource: win10-20220812-en
Malware Config
Targets
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory