General
-
Target
6c29115dcaec260d6195298dead3ffb4e2b56cb49deef62c152c73d1cc5c7961
-
Size
1.3MB
-
Sample
221101-tnvypaebeq
-
MD5
a9b0d7b407f8967320431e2d07449422
-
SHA1
2f839d88e4d85e1ab84d57d4a69f80a603c42145
-
SHA256
6c29115dcaec260d6195298dead3ffb4e2b56cb49deef62c152c73d1cc5c7961
-
SHA512
411e3f83520b5611d1de7a9ac2dfa7283c5402865734e18851228d256f719b78f1f77d71bd0c268c8279446573c1e2eecc4c22aab8efaa60e7f5048a36514cff
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
6c29115dcaec260d6195298dead3ffb4e2b56cb49deef62c152c73d1cc5c7961.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
6c29115dcaec260d6195298dead3ffb4e2b56cb49deef62c152c73d1cc5c7961
-
Size
1.3MB
-
MD5
a9b0d7b407f8967320431e2d07449422
-
SHA1
2f839d88e4d85e1ab84d57d4a69f80a603c42145
-
SHA256
6c29115dcaec260d6195298dead3ffb4e2b56cb49deef62c152c73d1cc5c7961
-
SHA512
411e3f83520b5611d1de7a9ac2dfa7283c5402865734e18851228d256f719b78f1f77d71bd0c268c8279446573c1e2eecc4c22aab8efaa60e7f5048a36514cff
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-