General
-
Target
c5598feb9aa8270fde3defea2a203a76.exe
-
Size
1.0MB
-
Sample
230110-hcxglaae6s
-
MD5
c5598feb9aa8270fde3defea2a203a76
-
SHA1
379fbd3105c65b562b4c5d94a6a61db4c9755a78
-
SHA256
dfc9ecd681ac21c94bae46bb1f511b2b1c3897296abf84cc1b33d6ccbee86fae
-
SHA512
f0f9bfdc676289b0d387ed07f5439d8008e7df2985020e555f89b6fcc242fa48d81985dbe37470f2d623da4c603e89832d38b022ea6815102069a37df1dd3ea0
-
SSDEEP
12288:w4qd6aRELyuaoLM3zwO59ds8ymea8e6IVFAIMVGJYIdCkXNksClcamrAqZaKgv:w4qdwLy4AB8lSWoGzs1rih
Static task
static1
Behavioral task
behavioral1
Sample
c5598feb9aa8270fde3defea2a203a76.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
c5598feb9aa8270fde3defea2a203a76.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
c5598feb9aa8270fde3defea2a203a76.exe
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-