General
-
Target
f9a6ea9fb97c1dd78c6671432ab1bc38d1da662d616b39fa6ce77ac2f50b6d01
-
Size
1.3MB
-
Sample
221101-n1frmscegk
-
MD5
621a3d05f61ec50f9588da0458bf9208
-
SHA1
7ba723cd0fb59444d51e7586f34058600292fab3
-
SHA256
f9a6ea9fb97c1dd78c6671432ab1bc38d1da662d616b39fa6ce77ac2f50b6d01
-
SHA512
d3afd153c382fc0b71907b1bf5ca7b297d02abe6bf89d7a9f479a1ff36bdcfe7c0fa60babc8cc1ea5c6d05b801b03cf5b1c47545384e74274409c6a93e74813a
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
f9a6ea9fb97c1dd78c6671432ab1bc38d1da662d616b39fa6ce77ac2f50b6d01.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Target
f9a6ea9fb97c1dd78c6671432ab1bc38d1da662d616b39fa6ce77ac2f50b6d01
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Legitimate hosting services abused for malware hosting/C2
-