General
-
Target
NixWare Crck by cvrsxd (Пароль 123).rar
-
Size
7.3MB
-
Sample
230125-qlm9aahg6s
-
MD5
397208bb074894ccafc7363f8c252235
-
SHA1
2277fc333928e7d06d9e08f4c351138c695dc2b8
-
SHA256
be7dd6132932358d0d3f9f8ec8e6873b33209c1472693794432b436d3054b57d
-
SHA512
dbb1a7d41b1dd6aabe17391222dcc9fb7d7e770d1e2d6004464cb5d20a59c0ad244b6bbaa9730ab405e609548b7abe9694f355e630cb63a31a1992cea339e3a4
-
SSDEEP
196608:cNAlRBV3UusXua+zDLiLfRU/zqdD9BS4QaywniTTK:Y4Rsea+eLe/WDHS7winK
Behavioral task
behavioral1
Sample
NixWare Crck by cvrsxd.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
NixWare Crck by cvrsxd.exe
-
Size
7.7MB
-
MD5
7f15f641a57e45f8df8699d0252c21a8
-
SHA1
9c43544e6ce38515308e8c332739db4c1e20a1b0
-
SHA256
35eb19ea69a24e05c25dc6b2adab9251b8fe30e91e8217e271bda0acf750590c
-
SHA512
3c1d78c6df1bc684dc54690a3ce4bc672b7e9c2ac944b04cef9a6613ee4de8cb28f9e8cdd75b22e99d5261e7d01caad0c11e8de73d2e338c994d8969e50277a9
-
SSDEEP
196608:q9P9NAfoqdQmRrdA6lsuErSEEJwdF6OrtYPXk0X:+P96f9dQOls+9JOrt8X
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-