General
-
Target
HEUR-Trojan-Spy.MSIL.Stealer.gen-f4d2a5c70bef.exe
-
Size
2.5MB
-
Sample
230201-r757naab63
-
MD5
458572c88677fb8604b4628d451adbba
-
SHA1
5af9fbc7e0541b288b839ed72b83e492939bf351
-
SHA256
f4d2a5c70bef00bc9eda121795152366650bb517bd9411fdaf27d90055db6ddb
-
SHA512
c572100414acea793f8aad39b75f92b977148c87465ed8909ad2c804b014d2277ed7b7f40f094042d1c753e9043c22e654060a296ee361f937043916339341a5
-
SSDEEP
49152:cP8AFQKReWGfdyHnOhGyUAzN3zIelmX9xZx1Dn8eiJ7iyDZj+oD:Q8AFQKefcuhGHwPluDn8tFiEj+o
Static task
static1
Behavioral task
behavioral1
Sample
HEUR-Trojan-Spy.MSIL.Stealer.gen-f4d2a5c70bef.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
HEUR-Trojan-Spy.MSIL.Stealer.gen-f4d2a5c70bef.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
HEUR-Trojan-Spy.MSIL.Stealer.gen-f4d2a5c70bef.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-