General
-
Target
e05abd3361512adfe518f73fc008d6a71445bba1a7bcfe23e40113be3d010b38
-
Size
1.3MB
-
Sample
221101-mk4cbsahb4
-
MD5
0609f4caaa0c66b20f08d299358d143d
-
SHA1
6f4f4034f94664036ddab57a1a21a15006f5771f
-
SHA256
e05abd3361512adfe518f73fc008d6a71445bba1a7bcfe23e40113be3d010b38
-
SHA512
a8040ba249509cb314a3dd924c5d9c47efa05704e7b1a0290b24c9513f4cbafa6d2d4d043f6cd05d028e7120c30c45b71a388893f4171dc6183161842d1d99e1
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
e05abd3361512adfe518f73fc008d6a71445bba1a7bcfe23e40113be3d010b38.exe
Resource
win10-20220812-en
Malware Config
Targets
-
-
Target
e05abd3361512adfe518f73fc008d6a71445bba1a7bcfe23e40113be3d010b38
-
Size
1.3MB
-
MD5
0609f4caaa0c66b20f08d299358d143d
-
SHA1
6f4f4034f94664036ddab57a1a21a15006f5771f
-
SHA256
e05abd3361512adfe518f73fc008d6a71445bba1a7bcfe23e40113be3d010b38
-
SHA512
a8040ba249509cb314a3dd924c5d9c47efa05704e7b1a0290b24c9513f4cbafa6d2d4d043f6cd05d028e7120c30c45b71a388893f4171dc6183161842d1d99e1
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-