General
-
Target
7a2f80dc2e0ffc05dca17d2f15e8a9731de44ac0a17fb5b0be91807fab661a86
-
Size
1.3MB
-
Sample
221103-kgv6fagcc7
-
MD5
e65227584a520bee232e1af929cebed6
-
SHA1
b4157c0d6e72717db66dc036eba6df68c678158d
-
SHA256
7a2f80dc2e0ffc05dca17d2f15e8a9731de44ac0a17fb5b0be91807fab661a86
-
SHA512
a48abe210173c5c382ee90123932117f7e4d774834ef934533536ee23defb393c424e20b7439f45313475563f5cf2af5f1955cc187477012b91089b7b1088816
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
7a2f80dc2e0ffc05dca17d2f15e8a9731de44ac0a17fb5b0be91807fab661a86.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Legitimate hosting services abused for malware hosting/C2
-