General
-
Target
6fd93202391c413fd29cdf2a0335a44f2ec960b31ac51d328f3a581d0428e840
-
Size
1.3MB
-
Sample
221101-msezpsbaa4
-
MD5
0341ab5a5d3d869672a4f67c39d1e701
-
SHA1
c59bccee4a48f2ab29764ed277afde3b95bb7a4b
-
SHA256
6fd93202391c413fd29cdf2a0335a44f2ec960b31ac51d328f3a581d0428e840
-
SHA512
93c9c7a5fd6866529dec1f99f813ab371e24102130275ea32435cc8ff7fc429a22abe377e89d895dfb3f0575664890fd7285bd0fd3b4474cd24d8c5593bd0bfe
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
6fd93202391c413fd29cdf2a0335a44f2ec960b31ac51d328f3a581d0428e840.exe
Resource
win10-20220901-en
Malware Config
Targets
-
-
Target
6fd93202391c413fd29cdf2a0335a44f2ec960b31ac51d328f3a581d0428e840
-
Size
1.3MB
-
MD5
0341ab5a5d3d869672a4f67c39d1e701
-
SHA1
c59bccee4a48f2ab29764ed277afde3b95bb7a4b
-
SHA256
6fd93202391c413fd29cdf2a0335a44f2ec960b31ac51d328f3a581d0428e840
-
SHA512
93c9c7a5fd6866529dec1f99f813ab371e24102130275ea32435cc8ff7fc429a22abe377e89d895dfb3f0575664890fd7285bd0fd3b4474cd24d8c5593bd0bfe
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-