General
-
Target
82810f4111ffd31d329542d9f55c6301f7ba6fc5dd0ce77e140af29fcf510bfc
-
Size
1.5MB
-
Sample
230122-sl2ssaab6z
-
MD5
d2a93b8b0c87c60f03a15fb4064a70ed
-
SHA1
06cf614ebc8d721f8b1a5ee9fee7e2f694510656
-
SHA256
82810f4111ffd31d329542d9f55c6301f7ba6fc5dd0ce77e140af29fcf510bfc
-
SHA512
e05924e3269f762d2a93171af26d766b093fe3e87927ad2c2e913b3753b042e591ded5b8ef955de9149dee3ee9741dcd221a2c4f2697b830936f5bbde0e8d9a8
-
SSDEEP
24576:U2G/nvxW3Ww0tMim6FJcBSADZw7K2pI3skCYJhnJh+c0UUZsQNw:UbA30MpuySigA6YJE1u
Behavioral task
behavioral1
Sample
82810f4111ffd31d329542d9f55c6301f7ba6fc5dd0ce77e140af29fcf510bfc.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
82810f4111ffd31d329542d9f55c6301f7ba6fc5dd0ce77e140af29fcf510bfc
-
Size
1.5MB
-
MD5
d2a93b8b0c87c60f03a15fb4064a70ed
-
SHA1
06cf614ebc8d721f8b1a5ee9fee7e2f694510656
-
SHA256
82810f4111ffd31d329542d9f55c6301f7ba6fc5dd0ce77e140af29fcf510bfc
-
SHA512
e05924e3269f762d2a93171af26d766b093fe3e87927ad2c2e913b3753b042e591ded5b8ef955de9149dee3ee9741dcd221a2c4f2697b830936f5bbde0e8d9a8
-
SSDEEP
24576:U2G/nvxW3Ww0tMim6FJcBSADZw7K2pI3skCYJhnJh+c0UUZsQNw:UbA30MpuySigA6YJE1u
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-