General
-
Target
a99334c099cac557b3bc62ae7654d3b4.exe
-
Size
1.5MB
-
Sample
230112-1qgbmsbc93
-
MD5
a99334c099cac557b3bc62ae7654d3b4
-
SHA1
e1c5e919cd32b2ef32a04920a9992bce6f9e677d
-
SHA256
56c6f0d228895d66b602e7c81e4e54e7bf9d42d922272dcb3e35c422d375cbd9
-
SHA512
3238f9a88d0284142731d66e2c94ef88208acadfa3996086237bc076fb05491edd955670fafd47642ed77a47cb971cafd73fb0a10e293842ccfab0aa254eef66
-
SSDEEP
24576:VSMRshqVg7knYt0srvDhKaU80v3X3Po/ZLJVwZZ+Z5bNAsTio:0OXMTt0KbhU8GeZLLI85bNAs
Behavioral task
behavioral1
Sample
a99334c099cac557b3bc62ae7654d3b4.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
a99334c099cac557b3bc62ae7654d3b4.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
a99334c099cac557b3bc62ae7654d3b4.exe
-
Size
1.5MB
-
MD5
a99334c099cac557b3bc62ae7654d3b4
-
SHA1
e1c5e919cd32b2ef32a04920a9992bce6f9e677d
-
SHA256
56c6f0d228895d66b602e7c81e4e54e7bf9d42d922272dcb3e35c422d375cbd9
-
SHA512
3238f9a88d0284142731d66e2c94ef88208acadfa3996086237bc076fb05491edd955670fafd47642ed77a47cb971cafd73fb0a10e293842ccfab0aa254eef66
-
SSDEEP
24576:VSMRshqVg7knYt0srvDhKaU80v3X3Po/ZLJVwZZ+Z5bNAsTio:0OXMTt0KbhU8GeZLLI85bNAs
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-