General
-
Target
0c7b9f5ecf52ec2f5d8119ac8122afc8631bcf18b726e45976d28608b386ce34
-
Size
1.3MB
-
Sample
221031-2pzx2aegep
-
MD5
5f74955888f64a99ae9ae2ce9ce7a90a
-
SHA1
de75b7e881fb843fce2affc4eb0de86244750053
-
SHA256
0c7b9f5ecf52ec2f5d8119ac8122afc8631bcf18b726e45976d28608b386ce34
-
SHA512
f94cf26ea5209f13b0cb1eeda9d62546cb1c23b2b4be277f0764b19c4db936a486e4730eeb4c67170d5d94087b7cbf3a2d6209798b020c132a33ea679ac65dd1
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
0c7b9f5ecf52ec2f5d8119ac8122afc8631bcf18b726e45976d28608b386ce34.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Legitimate hosting services abused for malware hosting/C2
-