General
-
Target
bf1b4357d7462cf24d08b3dee21a1d66.exe
-
Size
2.1MB
-
Sample
230110-dhwp2aec2y
-
MD5
bf1b4357d7462cf24d08b3dee21a1d66
-
SHA1
3d087a8956fa7e03cfd0bfe7d4b981d7f2806e38
-
SHA256
11aa233605f898d03e961ce0b0015071b89376ac36ed4d4faeb3d44073096f29
-
SHA512
0cb9ae25b25a65cd3a29726b0ee8cb2fec1fe7b1f4de3f41e5019cf99737dc2439efa6f7a0d3594496523e0bf57203c2e4d9c6b25471508907c7110fe91dcb31
-
SSDEEP
49152:C5yY3TmvJfJMip/gR7JUzzRdMAafI5bOgdHE:CICY3vpWJydMAa8bdE
Static task
static1
Behavioral task
behavioral1
Sample
bf1b4357d7462cf24d08b3dee21a1d66.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
bf1b4357d7462cf24d08b3dee21a1d66.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
bf1b4357d7462cf24d08b3dee21a1d66.exe
-
Size
2.1MB
-
MD5
bf1b4357d7462cf24d08b3dee21a1d66
-
SHA1
3d087a8956fa7e03cfd0bfe7d4b981d7f2806e38
-
SHA256
11aa233605f898d03e961ce0b0015071b89376ac36ed4d4faeb3d44073096f29
-
SHA512
0cb9ae25b25a65cd3a29726b0ee8cb2fec1fe7b1f4de3f41e5019cf99737dc2439efa6f7a0d3594496523e0bf57203c2e4d9c6b25471508907c7110fe91dcb31
-
SSDEEP
49152:C5yY3TmvJfJMip/gR7JUzzRdMAafI5bOgdHE:CICY3vpWJydMAa8bdE
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-