General
-
Target
7dca0b2ed3fd1e069d106cb0e191c5c68e0f08027d54d7e10a98ea052f40f40c
-
Size
1.3MB
-
Sample
230202-s3jnjadc23
-
MD5
0ec9cbc1d129210906e1f2fccc799999
-
SHA1
97c4256c19cad0beafbf22a3114adfde9d14eaca
-
SHA256
7dca0b2ed3fd1e069d106cb0e191c5c68e0f08027d54d7e10a98ea052f40f40c
-
SHA512
0f688109e4512e85320cb25591ba24fe37f9080d898b93b2634014f248b05ba426740fe0de968f416de07aa4749dfeffa9631b80f63d976c8fa3fb310f05c6c8
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
7dca0b2ed3fd1e069d106cb0e191c5c68e0f08027d54d7e10a98ea052f40f40c.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
7dca0b2ed3fd1e069d106cb0e191c5c68e0f08027d54d7e10a98ea052f40f40c
-
Size
1.3MB
-
MD5
0ec9cbc1d129210906e1f2fccc799999
-
SHA1
97c4256c19cad0beafbf22a3114adfde9d14eaca
-
SHA256
7dca0b2ed3fd1e069d106cb0e191c5c68e0f08027d54d7e10a98ea052f40f40c
-
SHA512
0f688109e4512e85320cb25591ba24fe37f9080d898b93b2634014f248b05ba426740fe0de968f416de07aa4749dfeffa9631b80f63d976c8fa3fb310f05c6c8
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-