General
-
Target
a0fe7c0a48a3a0f88f52b82b6fca8d9d.exe
-
Size
828KB
-
Sample
230111-cwv5zsea8z
-
MD5
a0fe7c0a48a3a0f88f52b82b6fca8d9d
-
SHA1
27c8ef07a014b2e3ba7efa6542a4098de50ce582
-
SHA256
1368c1a64455e8afed1c60f660f63e79b717be659c639f619d3591d684196aba
-
SHA512
3d39b95b77b979b4b5e8723fe12380334c36eb553cd115a61455e699c600091ce17759771bbeea086429fcecdf7423607361236650aff8c6c8e2779c2f5a8782
-
SSDEEP
12288:eRbgNHLA+BeYYUQ0Zf3ThR5CHcC9lxcLQQbpIQePMCxqo:+bArA+BeVUQ4f3gH1OLQOpIMCx3
Behavioral task
behavioral1
Sample
a0fe7c0a48a3a0f88f52b82b6fca8d9d.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
a0fe7c0a48a3a0f88f52b82b6fca8d9d.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
a0fe7c0a48a3a0f88f52b82b6fca8d9d.exe
-
Size
828KB
-
MD5
a0fe7c0a48a3a0f88f52b82b6fca8d9d
-
SHA1
27c8ef07a014b2e3ba7efa6542a4098de50ce582
-
SHA256
1368c1a64455e8afed1c60f660f63e79b717be659c639f619d3591d684196aba
-
SHA512
3d39b95b77b979b4b5e8723fe12380334c36eb553cd115a61455e699c600091ce17759771bbeea086429fcecdf7423607361236650aff8c6c8e2779c2f5a8782
-
SSDEEP
12288:eRbgNHLA+BeYYUQ0Zf3ThR5CHcC9lxcLQQbpIQePMCxqo:+bArA+BeVUQ4f3gH1OLQOpIMCx3
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-