General
Target: e169f580adcf2c1ecde5179ef1ef04c62fb164493ed296fd5ba752b40a9f876f
Size: 1.3MB
Sample: 221101-nmlqqscdcm
MD5: 5adcab3a817aa61d37adca5b4fee4db1
SHA1: 4bd46950e811638957c99d6665c80f2c442951a7
SHA256: e169f580adcf2c1ecde5179ef1ef04c62fb164493ed296fd5ba752b40a9f876f
SHA512: ac795800a0923185b2177a5d707c610b9f60fe87b57413e612357944bd2448eb4bab2c26cc3d7e4709b3ea062e470b548e5ad671bee7af18ba9ffc7873e2557a
SSDEEP: 24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task: behavioral1
Sample: e169f580adcf2c1ecde5179ef1ef04c62fb164493ed296fd5ba752b40a9f876f.exe
Resource: win10v2004-20220901-en
Malware Config
Targets
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Executes dropped EXE

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Legitimate hosting services abused for malware hosting/C2