General
Target: f25266e56257501c11aad09f7f20e63b2329a91c86f62ab04432240dba3fe10f
Size: 1.3MB
Sample: 221031-2qf7badhb6
MD5: 0821a51208dc64094fe9edc4288a04de
SHA1: 797ce49da4f0952cfe632f13727974f1de4d7e33
SHA256: f25266e56257501c11aad09f7f20e63b2329a91c86f62ab04432240dba3fe10f
SHA512: c5965e003d3ba454a3106e422b5b5ab456bbaa7837bca74da6a9f8dd35c7189e64470d2379f854113b881feed837be0efad87acb5d60e812ca2515f07837e7d8
SSDEEP: 24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task: behavioral1
Sample: f25266e56257501c11aad09f7f20e63b2329a91c86f62ab04432240dba3fe10f.exe
Resource: win10v2004-20220901-en
Malware Config
Targets
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Executes dropped EXE

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Legitimate hosting services abused for malware hosting/C2