General
-
Target
e7a9449a6a1ef5b93caa2677aee37572e50111e7b405846138e004768b383cf2
-
Size
1.3MB
-
Sample
230203-b7m33shg44
-
MD5
9abe9a5fd1dc2978d35b9609cd839751
-
SHA1
4aa6e835666e96f38e0430a378aeed8fc1781ea1
-
SHA256
e7a9449a6a1ef5b93caa2677aee37572e50111e7b405846138e004768b383cf2
-
SHA512
4798f95bf5f01e769a67ccc4fe7e18604417bdf3c4d3c7ae8dac525debd4da480b5497c7f8a9f555f89bc48c15c5415e44ade9dbc9de2e801b4873bd75018c72
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
e7a9449a6a1ef5b93caa2677aee37572e50111e7b405846138e004768b383cf2.exe
Resource
win10-20220901-en
Malware Config
Targets
-
-
Target
e7a9449a6a1ef5b93caa2677aee37572e50111e7b405846138e004768b383cf2
-
Size
1.3MB
-
MD5
9abe9a5fd1dc2978d35b9609cd839751
-
SHA1
4aa6e835666e96f38e0430a378aeed8fc1781ea1
-
SHA256
e7a9449a6a1ef5b93caa2677aee37572e50111e7b405846138e004768b383cf2
-
SHA512
4798f95bf5f01e769a67ccc4fe7e18604417bdf3c4d3c7ae8dac525debd4da480b5497c7f8a9f555f89bc48c15c5415e44ade9dbc9de2e801b4873bd75018c72
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-