General
-
Target
8148B7D10CC4D45AC6C2D1454119161A1EE677AC0986E.exe
-
Size
2.1MB
-
Sample
230125-erxt5age9w
-
MD5
f26bb4f3cc67c00580554bea3dac5e4a
-
SHA1
14c7857a8edc29dce1a27379f60f0d9443303627
-
SHA256
8148b7d10cc4d45ac6c2d1454119161a1ee677ac0986e4dd86e2f38a15b7ac19
-
SHA512
32c1d95bde25e1807ce7312280106259831057df7da893041c43d3c76def49de500ccb7e87b8c08af7657fdbd22117d9320dc4f9e7eebed85f54b3f2e7418010
-
SSDEEP
49152:tmyDQOI0/F/LopeanZ6QNo1y80nfLSx9ZEQCUn/ty374FM5YLCbtYY2Zy:kyDRZFTopJhTfe3ZtVy3x1btJv
Behavioral task
behavioral1
Sample
8148B7D10CC4D45AC6C2D1454119161A1EE677AC0986E.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
8148B7D10CC4D45AC6C2D1454119161A1EE677AC0986E.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
Target
8148B7D10CC4D45AC6C2D1454119161A1EE677AC0986E.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-