General
-
Target
b68945406413301b4a5195cda123ef91.exe
-
Size
2.3MB
-
Sample
230127-dsf3bsgc56
-
MD5
b68945406413301b4a5195cda123ef91
-
SHA1
3ee195713743c21c2d0576a4c37a3bb2687f601a
-
SHA256
7efd49f4c002fbe6c0380ae3da89cab96456090a2a9ea148fec6fc5263433d78
-
SHA512
ff6686870938b901d765af2085f60cb1a7a7698c14a6e2c41d0f03c536e0c4fa894cdb4c455904197c5cd2c282e049b230014c99c3f318ea1536f7e21ff5ade5
-
SSDEEP
49152:4EAW6oV1uWgMzCAKcNqGAonnXvjGt8YxKIh3i2L:bADWgmNqGAKKBli
Behavioral task
behavioral1
Sample
b68945406413301b4a5195cda123ef91.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
b68945406413301b4a5195cda123ef91.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
b68945406413301b4a5195cda123ef91.exe
-
Size
2.3MB
-
MD5
b68945406413301b4a5195cda123ef91
-
SHA1
3ee195713743c21c2d0576a4c37a3bb2687f601a
-
SHA256
7efd49f4c002fbe6c0380ae3da89cab96456090a2a9ea148fec6fc5263433d78
-
SHA512
ff6686870938b901d765af2085f60cb1a7a7698c14a6e2c41d0f03c536e0c4fa894cdb4c455904197c5cd2c282e049b230014c99c3f318ea1536f7e21ff5ade5
-
SSDEEP
49152:4EAW6oV1uWgMzCAKcNqGAonnXvjGt8YxKIh3i2L:bADWgmNqGAKKBli
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-