General
-
Target
079dfb06d86acd41bd61950e87896796c9dec565806b79621b73d233f4357772
-
Size
1.3MB
-
Sample
221031-2ymn3aehdp
-
MD5
0ad9199f6f48cd06902cf8af2011ead6
-
SHA1
d6404ecc23939b25e60b2e7d3bc8eba0bbc0829a
-
SHA256
079dfb06d86acd41bd61950e87896796c9dec565806b79621b73d233f4357772
-
SHA512
9d74efda903c27e15f80f85ca253623f31880cfe34d527834c708b1b1a2e41775eb9c92ba2dcfb1b564557422d34e6595c82b3134071c1123114cb14f7154f27
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
079dfb06d86acd41bd61950e87896796c9dec565806b79621b73d233f4357772.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
079dfb06d86acd41bd61950e87896796c9dec565806b79621b73d233f4357772
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Legitimate hosting services abused for malware hosting/C2
-