General
Target: a004cd8e5a3c98905f606c1adf947876.exe
Size: 2.3MB
Sample: 230131-z4gc5acd2z
MD5: a004cd8e5a3c98905f606c1adf947876
SHA1: 7516ab2fb8ed0d5300da3b408b6ef9496859a717
SHA256: 783e64fd0c3955a98240e9e42f216c5e78e63021aeb5913b7a262dd1e3f9683e
SHA512: 46895dc11504c5f1c1a0b6908f4f8ed23f1b161f74999bad739f631c200b24b069a4e22fc7925befbf9256dc3707584a6c628c879d56a0f8a392edd933d8fbac
SSDEEP: 24576:iD1CSLX+VpapJhM/r8b2f1XqX+lCLxwMylv06dbFydnjzjQhkKqyVIkFHfIHYfrr:I1CSggEsZ/x4
Static task: static1
Behavioral task: behavioral1
Sample: a004cd8e5a3c98905f606c1adf947876.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: a004cd8e5a3c98905f606c1adf947876.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Score: 10/10
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext