General
-
Target
file.exe
-
Size
1.8MB
-
Sample
230119-vbnjhsde6y
-
MD5
c2d98ce6d441b79d1ec3d50376b46b9a
-
SHA1
0854d68bf709c0a423e47c63eb0b6e9726c9c08f
-
SHA256
00c5b3c574053a1faa9d26f44a73b9db72178de14e95e46893a879229597b325
-
SHA512
459b5c85d4a29bd37b7e7697054cd0045df6a2eb6b8976ac5cce8e3a89eb93ca20e65636611534a383eae7e42c7117756665179780f0e85fb14d513d10dde13f
-
SSDEEP
49152:wkQTAUs8KECSOKf6n3C1s13gvSorrzsAf9yWU5:waCBOfICQvDrEAfwWU5
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
file.exe
-
Size
1.8MB
-
MD5
c2d98ce6d441b79d1ec3d50376b46b9a
-
SHA1
0854d68bf709c0a423e47c63eb0b6e9726c9c08f
-
SHA256
00c5b3c574053a1faa9d26f44a73b9db72178de14e95e46893a879229597b325
-
SHA512
459b5c85d4a29bd37b7e7697054cd0045df6a2eb6b8976ac5cce8e3a89eb93ca20e65636611534a383eae7e42c7117756665179780f0e85fb14d513d10dde13f
-
SSDEEP
49152:wkQTAUs8KECSOKf6n3C1s13gvSorrzsAf9yWU5:waCBOfICQvDrEAfwWU5
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-