General
-
Target
7b0HMZi.exe
-
Size
1.4MB
-
Sample
230130-cl9wdsde88
-
MD5
171c377e62a138ad8c7bce6c9ff051d3
-
SHA1
26252b5009f133925ca08f22adf7084c729e53ce
-
SHA256
f2584e87fac1d7e4b0a8e15f9227626ab95c14dfc7bfd2f6d0abfa4fd6113d63
-
SHA512
bd5d49d6b6133066a164226c66f1369bb898245ff540a7772fb5e09675c5a736c29f915cae695d6e30a15ab8532bdce98242ba2944d072f6442db0a85a892d31
-
SSDEEP
24576:jnTvNh6VDOAxsd05hhdshr0SafxxyiDSvGzNlZhlUmbhL:jLNh6ViAxsqr6r0hfqY/lb2
Behavioral task
behavioral1
Sample
7b0HMZi.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
7b0HMZi.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-