General
-
Target
6bc0f24aa721a73e5964fafaeae8dd272fa320a5f2cad7a0ade54dcd1c189bf3
-
Size
1.3MB
-
Sample
221101-mlwc4sbhar
-
MD5
b48aa0712ad3d824893fe3110d4cfec5
-
SHA1
29a08ccd632bb1155b66d604b612d7c8967c6817
-
SHA256
6bc0f24aa721a73e5964fafaeae8dd272fa320a5f2cad7a0ade54dcd1c189bf3
-
SHA512
f9f0a10a69f0824d5815cb835af4b3caf174fd9b11e3606f1ee76c3bc56156922a98a2c00f8e4cf339d3236a18e4bbe0285641319f77b22b65f5e653b9e395a2
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
6bc0f24aa721a73e5964fafaeae8dd272fa320a5f2cad7a0ade54dcd1c189bf3.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-