General

Target: a8327e7f73f4d7a3931072ca1e489d82.exe
Size: 1.5MB
Sample: 230127-klez1sbe2w
MD5: a8327e7f73f4d7a3931072ca1e489d82
SHA1: 33fa6a7fa73a790c876582c9f638fc7e71a0f284
SHA256: 38ee5db6247e3637509a731d894af10c97be040b388aac5a87b9b4a0b19a03c3
SHA512: d7f1ea19127350fc1f4fce1942342b52c128fec6113b7eceac7491da599a292b63e5c0508b2ef17df02aed853b9e24b2d17cc71342d56f9239df914a56e4dae4
SSDEEP: 24576:P2G/nvxW3WV0Boz7PdSo8OhfvG83PxEXY5TZ95f+bYy4HKTtadCK2yseqa+B7:PbA3HBodSo80/GXC9+bl4ewpEe+h

Behavioral task: behavioral1
Sample: a8327e7f73f4d7a3931072ca1e489d82.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: a8327e7f73f4d7a3931072ca1e489d82.exe
Resource: win10v2004-20221111-en

Malware Config
Targets
Target: a8327e7f73f4d7a3931072ca1e489d82.exe
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Executes dropped EXE

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Loads dropped DLL