General
Target: 0bcc3265d6d56e45dab526559699b422.exe
Size: 2.9MB
Sample: 230115-yks25sfd3y
MD5: 0bcc3265d6d56e45dab526559699b422
SHA1: 7d39ccb90dd9bbfed5821fc0f99412c35a0042c0
SHA256: a94aca257665bcea149485ab8facd158b5aa6d7c0885b68b56d1a97293dc663e
SHA512: 9c9eaaf4bacb3db059b60807647c6aedfd3f00953ab29c35a13780df506774d4b04b678c6f6c7c3ae4ed5f8e07db0be48e76eff23b1c6a26454be55a47fa7bd9
SSDEEP: 49152:UbA30uDZpwmT1XvIwCsVM69SorvgQM/Fngf2z5op/SyPfvxgN+B3Ah8:UbatphI3sVBdrvgj/Fgf2z5op/dPnxq+
Behavioral task: behavioral1
Sample: 0bcc3265d6d56e45dab526559699b422.exe
Resource: win7-20221111-en
Malware Config
Targets
DcRat: DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL