General
-
Target
43906eef7310e0de0b9c0394dc8418348e130a2f2d6d19ab4250b8a11f6d2c04
-
Size
1.3MB
-
Sample
221031-2zbm7aeheq
-
MD5
d61e34fd865df9c48b80c2d462d472eb
-
SHA1
c833d7ea0b82db54e5c0312229bbcc13c9388f5c
-
SHA256
43906eef7310e0de0b9c0394dc8418348e130a2f2d6d19ab4250b8a11f6d2c04
-
SHA512
a08eb57f46bd1c5e53ec239348822f02113ad41f39dc8994f7b4520332f231784849a67550327bb27058be467aab06d20d38a3f0e10f333c7a830252f7ef1e76
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
43906eef7310e0de0b9c0394dc8418348e130a2f2d6d19ab4250b8a11f6d2c04.exe
Resource
win10-20220812-en
Malware Config
Targets
-
-
Target
43906eef7310e0de0b9c0394dc8418348e130a2f2d6d19ab4250b8a11f6d2c04
-
Size
1.3MB
-
MD5
d61e34fd865df9c48b80c2d462d472eb
-
SHA1
c833d7ea0b82db54e5c0312229bbcc13c9388f5c
-
SHA256
43906eef7310e0de0b9c0394dc8418348e130a2f2d6d19ab4250b8a11f6d2c04
-
SHA512
a08eb57f46bd1c5e53ec239348822f02113ad41f39dc8994f7b4520332f231784849a67550327bb27058be467aab06d20d38a3f0e10f333c7a830252f7ef1e76
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-