General
-
Target
e588a518fdb3b52492271e640b298f468a1f419cbf5566323e9f9e150f0c9804
-
Size
1.3MB
-
Sample
230202-spfpqadf6s
-
MD5
446cac721e72e0dea4b35c54bb8300ed
-
SHA1
c8a770346c7ac83b5622914d4c71f70fd08f27d9
-
SHA256
e588a518fdb3b52492271e640b298f468a1f419cbf5566323e9f9e150f0c9804
-
SHA512
046f6f965563d7c195185579c038cc1dc376787d36e581ae53c550f1135e230c210029e36b333dc477aab907bb8fbc0f042b312833acccf645d7bd15ad20f3fb
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
e588a518fdb3b52492271e640b298f468a1f419cbf5566323e9f9e150f0c9804.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
Score 10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-