General
-
Target
86fc25677c65f79419aff3fc6f0fa985bc69cd7e387656a7aeda1e40ac07a4c5
-
Size
1.3MB
-
Sample
221031-2rmeqaegfp
-
MD5
62d73b47b7fde8d0a8ef3e36e2aba67c
-
SHA1
ff43247f4f03153ad4f1f3756e3be59b679939ca
-
SHA256
86fc25677c65f79419aff3fc6f0fa985bc69cd7e387656a7aeda1e40ac07a4c5
-
SHA512
819739c17cbc5407684e3bb2b762ea88cbc2185c16bbe1cc9189a39446d6adbb3357e62f4d811c981e294416d46db78dcd5ee72c4bd263283b2add184f791dab
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
86fc25677c65f79419aff3fc6f0fa985bc69cd7e387656a7aeda1e40ac07a4c5.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Legitimate hosting services abused for malware hosting/C2
-