General
-
Target
b52b3620df1db7ea3d85b0f46d70c01fbb766ed4ad74da07bbe1c12b4cd61167
-
Size
1.3MB
-
Sample
221031-2qptfsegfl
-
MD5
9ad10646d325637bc5303f9dd7ee3252
-
SHA1
562ceac0521dceee0a16cbc79ccd0ce3830911f9
-
SHA256
b52b3620df1db7ea3d85b0f46d70c01fbb766ed4ad74da07bbe1c12b4cd61167
-
SHA512
334f34772103c2d542f2726fb2fdf0dd5c2c8484cbaffd3fe93ed5c9a87388a3f710bd8dc95a5960ebcdb605294f5cf9b1c0f77fa30dd4e897d9348b01ca56fb
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
b52b3620df1db7ea3d85b0f46d70c01fbb766ed4ad74da07bbe1c12b4cd61167.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Target
b52b3620df1db7ea3d85b0f46d70c01fbb766ed4ad74da07bbe1c12b4cd61167
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Legitimate hosting services abused for malware hosting/C2
-