General
-
Target
1d439ec54ed1429fac4862177dabb8281a6ff601cd74d6068a0ecee37ffc521b
-
Size
568KB
-
Sample
230129-yc3llscf3s
-
MD5
964c865ff8000d828844c15a893b6a01
-
SHA1
f515cc005445d2090319a8345154bcf59f3824a1
-
SHA256
1d439ec54ed1429fac4862177dabb8281a6ff601cd74d6068a0ecee37ffc521b
-
SHA512
230b0924c9fcdf67d03ce8b229d042286a2c99117f472691c3b7691bc34d4519825346ae1a279ea498c728c66e8240e4c4f20bceed40028036468ae1a926f66c
-
SSDEEP
12288:9Qnk3GDYKGcbloTn85eZV8D5ubjObv+hq6arF+6dS:HAOcZEnOeZ+k++q6arFTQ
Static task
static1
Behavioral task
behavioral1
Sample
1d439ec54ed1429fac4862177dabb8281a6ff601cd74d6068a0ecee37ffc521b.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
1d439ec54ed1429fac4862177dabb8281a6ff601cd74d6068a0ecee37ffc521b.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
Target
1d439ec54ed1429fac4862177dabb8281a6ff601cd74d6068a0ecee37ffc521b
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Adds Run key to start application
-