General
-
Target
f6c1990f00c7c5ff1740807aab4d950e424aaec26010dc8d10c3a6fadff2e47a
-
Size
2.7MB
-
Sample
230110-17vkladf5z
-
MD5
03568cc59bb988ddeb9df3481f81882c
-
SHA1
1d366a8f9a7cd51b18a69643a1d93dc3af82da65
-
SHA256
f6c1990f00c7c5ff1740807aab4d950e424aaec26010dc8d10c3a6fadff2e47a
-
SHA512
7f9b9fd8e5af7a4660cd1d9ec19489eb7daf759d2065fdb5386c07cb363a0ec0c08a333da994762fadcf523a49896f234ca6e6465727b8a6886baf59f7436b2d
-
SSDEEP
49152:jbA30Dluyq908xIgQSZjQEoKG7iBNFqPGgeTVvXB8t15KQA+zv+3FGOGp:jbcL5jAiNA+pBvB8v5TAhVGrp
Static task
static1
Behavioral task
behavioral1
Sample
f6c1990f00c7c5ff1740807aab4d950e424aaec26010dc8d10c3a6fadff2e47a.exe
Resource
win7-20221111-en
Malware Config
Targets
-
-
Target
f6c1990f00c7c5ff1740807aab4d950e424aaec26010dc8d10c3a6fadff2e47a
-
Size
2.7MB
-
MD5
03568cc59bb988ddeb9df3481f81882c
-
SHA1
1d366a8f9a7cd51b18a69643a1d93dc3af82da65
-
SHA256
f6c1990f00c7c5ff1740807aab4d950e424aaec26010dc8d10c3a6fadff2e47a
-
SHA512
7f9b9fd8e5af7a4660cd1d9ec19489eb7daf759d2065fdb5386c07cb363a0ec0c08a333da994762fadcf523a49896f234ca6e6465727b8a6886baf59f7436b2d
-
SSDEEP
49152:jbA30Dluyq908xIgQSZjQEoKG7iBNFqPGgeTVvXB8t15KQA+zv+3FGOGp:jbcL5jAiNA+pBvB8v5TAhVGrp
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-