General
-
Target
ccfb36f935b386036773e456b5d15744a72426ba9b1f0b329efa8e54dffb3531
-
Size
1.3MB
-
Sample
221101-nxep6scedk
-
MD5
bc3d01320d7c5ccee01146255acad0de
-
SHA1
304146f97774834c7d76d0762ef026884a74c077
-
SHA256
ccfb36f935b386036773e456b5d15744a72426ba9b1f0b329efa8e54dffb3531
-
SHA512
945e73f285fdace62c6892cbe68659ae6d9d357f6cfe9b5c415335d45c355304e087b8beae69298ef43befbbfe71bc7a1d8bc9a330e7f693e0029926cdb3a7e8
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
ccfb36f935b386036773e456b5d15744a72426ba9b1f0b329efa8e54dffb3531.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
ccfb36f935b386036773e456b5d15744a72426ba9b1f0b329efa8e54dffb3531
-
Size
1.3MB
-
MD5
bc3d01320d7c5ccee01146255acad0de
-
SHA1
304146f97774834c7d76d0762ef026884a74c077
-
SHA256
ccfb36f935b386036773e456b5d15744a72426ba9b1f0b329efa8e54dffb3531
-
SHA512
945e73f285fdace62c6892cbe68659ae6d9d357f6cfe9b5c415335d45c355304e087b8beae69298ef43befbbfe71bc7a1d8bc9a330e7f693e0029926cdb3a7e8
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-