General
-
Target
4a8208bf9f396c802e85052dcec8f7640368941b3ad6aa575de3e1f4bfcfc3df
-
Size
574KB
-
Sample
230129-v1gghagh4z
-
MD5
b5a28a29823b875076ccca3344499426
-
SHA1
cf51bddf543b5b3570e43d7eb83d201309da36a3
-
SHA256
4a8208bf9f396c802e85052dcec8f7640368941b3ad6aa575de3e1f4bfcfc3df
-
SHA512
e9a648701f6612c1f5f0956d226282b5af26beee4e517a1d5670f97bb97dae8edd010080a1857213dd72d5b89f80da4f9f00f1d19c4459d1c06ca5ef936fe144
-
SSDEEP
12288:HQnk3GDYKGcbllbp8VTbS8thdRok51TvLH5W:JAOcZxpgTbS8tZokU
Static task
static1
Behavioral task
behavioral1
Sample
4a8208bf9f396c802e85052dcec8f7640368941b3ad6aa575de3e1f4bfcfc3df.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
4a8208bf9f396c802e85052dcec8f7640368941b3ad6aa575de3e1f4bfcfc3df.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
4a8208bf9f396c802e85052dcec8f7640368941b3ad6aa575de3e1f4bfcfc3df
-
Size
574KB
-
MD5
b5a28a29823b875076ccca3344499426
-
SHA1
cf51bddf543b5b3570e43d7eb83d201309da36a3
-
SHA256
4a8208bf9f396c802e85052dcec8f7640368941b3ad6aa575de3e1f4bfcfc3df
-
SHA512
e9a648701f6612c1f5f0956d226282b5af26beee4e517a1d5670f97bb97dae8edd010080a1857213dd72d5b89f80da4f9f00f1d19c4459d1c06ca5ef936fe144
-
SSDEEP
12288:HQnk3GDYKGcbllbp8VTbS8thdRok51TvLH5W:JAOcZxpgTbS8tZokU
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-