General
-
Target
c9d14a2e7e9a15c054a637f315a16fbb19db221f566f33f38e8a272f6cd52625
-
Size
1.3MB
-
Sample
230202-vhmkssbb33
-
MD5
389f5c16079c4eddc7970c0ad536eaac
-
SHA1
cdd591416d479cf328d52ef32d31690ebcfd0943
-
SHA256
c9d14a2e7e9a15c054a637f315a16fbb19db221f566f33f38e8a272f6cd52625
-
SHA512
b2d0cff589dec05189b0affdce20d78dec4de613aeae84f22b72c7f995eddf05ff07b51a73fec18fef56836368d09ed558b03296882ebb0ab76caa47a8df311d
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
c9d14a2e7e9a15c054a637f315a16fbb19db221f566f33f38e8a272f6cd52625.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
Target
c9d14a2e7e9a15c054a637f315a16fbb19db221f566f33f38e8a272f6cd52625
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-