General
Target: HEUR-Trojan-Spy.MSIL.Stealer.gen-d89d94282170.exe
Size: 1.0MB
Sample: 230122-m4jr2ahf5v
MD5: 2e6fcc3e0fec764cd998291edae41835
SHA1: 73e8e155eab7cf2512047c49a015c9f347af3186
SHA256: d89d94282170e98d32127e2c87754a1badf527018da2cb9338c3e5e6487e90c2
SHA512: f74431d531e8f0031fd36152df843cd49d50e8a789f90da9c2cf8fa7eb16b50ff02b1487aa17323be7532e9fc2da5f8f6d2b3aa30716e79795ce7812da3d2bd3
SSDEEP: 24576:3Arz0IDy1hywvuMn0vvD1Pjh4GoVeT+uaXfBOVgsT3fQm:3/vjf
Static task: static1
Behavioral task: behavioral1
Sample: HEUR-Trojan-Spy.MSIL.Stealer.gen-d89d94282170.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: HEUR-Trojan-Spy.MSIL.Stealer.gen-d89d94282170.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: HEUR-Trojan-Spy.MSIL.Stealer.gen-d89d94282170.exe
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Executes dropped EXE

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Drops file in System32 directory