General
-
Target
c2705b8b9562a559b785e347ead070c4.bin
-
Size
1.1MB
-
Sample
230130-x9tjjacc87
-
MD5
bfc39f283055b324ae302a9d565351ba
-
SHA1
bd17011f1fb9ec1c72f6d6a5f8d98b28bb616246
-
SHA256
87fa77fb5955b9e7316ca314e80f297249e086d6e9ee9204c4df103301ef0112
-
SHA512
a4f49733cee94d597ffc6c9a8b8b67999ae83d5a1a4f71826e9193ffbf3d4aacf23ca28de3ae238cd231e2a7b19ea85998cea15b89a1a3e519aecf9a8baf512c
-
SSDEEP
24576:QGsHn7xSueu8VxGRJZYYAsu8Jy1ivIMLOu/GXUTbOVYg+9l:QGsbxSxTsPVPJyEI6OueXUTbMlil
Behavioral task
behavioral1
Sample
87ade58bfd0c4657778eccf90ffb4409c61012dcd2134c708bebe60a872599b5.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
87ade58bfd0c4657778eccf90ffb4409c61012dcd2134c708bebe60a872599b5.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
87ade58bfd0c4657778eccf90ffb4409c61012dcd2134c708bebe60a872599b5.exe
-
Size
1.5MB
-
MD5
c2705b8b9562a559b785e347ead070c4
-
SHA1
74e5efad74eeb3e80c689c2f2fa4c8e19d55b94a
-
SHA256
87ade58bfd0c4657778eccf90ffb4409c61012dcd2134c708bebe60a872599b5
-
SHA512
28764caefea9a2e23e5793c9118f5f7926d9e1d507f237f004a16fb81dfbfddd4c33c11843ef6eb9fa655d85443b032b878a88cc7cb9c379292e8813012bb83e
-
SSDEEP
24576:Y2kx1r2DVrfP/LtFYnnq4xuO1N/EZbUtJSU5KlyR5:YV0V3RFh4g2N/EZ4B5KlyR
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-