General
-
Target
b384bae14152546bfe204f60a9d267da.exe
-
Size
2.3MB
-
Sample
230127-at2tmshd2t
-
MD5
b384bae14152546bfe204f60a9d267da
-
SHA1
74dc84cddd03de2f50b0a3db6416eb05927bcad6
-
SHA256
ee798fd5e8c53a233321ef63056274f6ec8ef735c194a19950948eb2d8d41ede
-
SHA512
1d3d43f98523f556ec26b1e531248d904f76065112d7954552de767a812a471ef9be37498f5a015c8ef2a52d2e4f375ff5d42f233011a29bd9ae6dea7ca052bd
-
SSDEEP
49152:4EAW6oV1uWgMzCAKcNqGAonnXvjGt8YxKIh3i2L:bADWgmNqGAKKBli
Behavioral task
behavioral1
Sample
b384bae14152546bfe204f60a9d267da.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
b384bae14152546bfe204f60a9d267da.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
Target
b384bae14152546bfe204f60a9d267da.exe
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-