General
-
Target
15a41a03793a900152444a84e91cd3fc.exe
-
Size
2.5MB
-
Sample
230119-d2216aba81
-
MD5
15a41a03793a900152444a84e91cd3fc
-
SHA1
a7fd9bc70ac8682680f574d78d89640333caf576
-
SHA256
739412eb753fb2197fb57e8cbdac7f6f283636c610277d2f6e329c01a34fcf74
-
SHA512
abeb37e10b578c4df6fc79712545cb4a2a9fdb5412d585e2fe7abf6bd4f0491f60d3d3f25100897af9efcc6023586822d2a8dd1e5a00202e4f110f32b4eec27e
-
SSDEEP
49152:CSg8kOqBMdDhtQM4I+MkmJm9LcBwQYdXQ4J:dfkOqGhhtn9+nmJm9LcBCXvJ
Behavioral task
behavioral1
Sample
15a41a03793a900152444a84e91cd3fc.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
15a41a03793a900152444a84e91cd3fc.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
15a41a03793a900152444a84e91cd3fc.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Modifies WinLogon for persistence
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Adds Run key to start application
-