General
Target
HEUR-Trojan-Spy.Win32.Stealer.gen-936b51db1be.exe
Size
1.2MB
Sample
230201-vfnp3scg2t
MD5
65d590e07198d25d05b41c557b231fc7
SHA1
3848eb0f0db7d00b78593aa29bd4b9e4f0b4e022
SHA256
936b51db1be856b313fa5cdf194410989adeb2348988c47bf59790a0f3474afc
SHA512
c4f4a8c28871aa6101b8d73361e39e9882d3806b74f22fa014b6f9dbebbfa8d94e6458a1425ad077683a70ab59fa80cf955777cd348192014cbf39711c6fb964
SSDEEP
12288:DVj+qgXEJ2RATf1rBH28VUuY9cd1296Uw3U8Db1QxT2pHGTOwpkgol6lJkh/3/nn:Zj+ErfdBH28VUx9zQpBAKp7g7s/3
Static task
static1
Behavioral task
behavioral1
Sample
HEUR-Trojan-Spy.Win32.Stealer.gen-936b51db1be.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
HEUR-Trojan-Spy.Win32.Stealer.gen-936b51db1be.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
Target
HEUR-Trojan-Spy.Win32.Stealer.gen-936b51db1be.exe
Score
10/10
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
Drops startup file
Suspicious use of SetThreadContext