General
-
Target
717654080189ae89a4c0173c4e391a53b4f321cf17036a22447f4068eab756fe
-
Size
1.3MB
-
Sample
221101-nx8m9abfb2
-
MD5
506eb6cabb965526be45934ce1a8852f
-
SHA1
d1786794e0e13dec4b976ebcd9e1ef2f4e3ed781
-
SHA256
717654080189ae89a4c0173c4e391a53b4f321cf17036a22447f4068eab756fe
-
SHA512
da97be5595761f94568ffc6dbc3c2d62d34f0d52ed015526d3231a80c1f33c56e2310b13dee429a4868079515aa8072006421d983141254279857040b2d2fb36
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
717654080189ae89a4c0173c4e391a53b4f321cf17036a22447f4068eab756fe.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
Target
717654080189ae89a4c0173c4e391a53b4f321cf17036a22447f4068eab756fe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-