General
-
Target
172af321418b938a65a8c592382b9b07bcee1c3dba9ad5e9df8cb8cde42e0c0b
-
Size
1.3MB
-
Sample
230202-sy6x9scf55
-
MD5
a1ac1dc15ceb3a08b02c2e6ac427b8d3
-
SHA1
bd97144e3ccedfeb60050687be5870583b96764d
-
SHA256
172af321418b938a65a8c592382b9b07bcee1c3dba9ad5e9df8cb8cde42e0c0b
-
SHA512
60a5d15b05b76840c0c5f8d71896135305b81d06ac605690b81e90269bf715d22339825ac6f7bfc7bfcbc8cd34de2155006272c762e113702b479184d30b1627
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
172af321418b938a65a8c592382b9b07bcee1c3dba9ad5e9df8cb8cde42e0c0b.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
172af321418b938a65a8c592382b9b07bcee1c3dba9ad5e9df8cb8cde42e0c0b
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-