General
-
Target
7979fd9c96a8454fe5d6d3132354250ee6157f67f3373c91806a96fb044fb85a
-
Size
1.3MB
-
Sample
230203-nx6tnafa47
-
MD5
d0acad0173dbf035f48a1aa25073c089
-
SHA1
03a8454e276751468e7f3c713f623a35644e961d
-
SHA256
7979fd9c96a8454fe5d6d3132354250ee6157f67f3373c91806a96fb044fb85a
-
SHA512
c9ade32007cf401470bc4338ba5415e73c2bdfb9eecccc361c1048dd0c79967e58a08bdaf2146b06949b65897b3ad795ae16c3977ab18e500f1d32f930b356a9
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
7979fd9c96a8454fe5d6d3132354250ee6157f67f3373c91806a96fb044fb85a.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-