General
-
Target
file.exe
-
Size
1.9MB
-
Sample
230221-nzllhage6w
-
MD5
ffae9d3dd55cdb9bb47aa553d05d458b
-
SHA1
e43439834646330d3f3dc1f142acead1e7ac6f24
-
SHA256
4689a7fee8a2d671659d2f8c68d9bd8d1d734867654abb88f059defc5beb9b63
-
SHA512
e88a375b4680889befb88f66c50084af7908a6377302d3cc4eb9504808b9b5567ea6a1cadf1f607c6fdb08a94b88d2b8eb33a50f92854475130c8333d51a100e
-
SSDEEP
49152:ubA3jqYHNVf0jxYiwmy+FsT2vB+098DeDt7:ubrSfwGiwH+UYBt9bt7
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
file.exe
-
Size
1.9MB
-
MD5
ffae9d3dd55cdb9bb47aa553d05d458b
-
SHA1
e43439834646330d3f3dc1f142acead1e7ac6f24
-
SHA256
4689a7fee8a2d671659d2f8c68d9bd8d1d734867654abb88f059defc5beb9b63
-
SHA512
e88a375b4680889befb88f66c50084af7908a6377302d3cc4eb9504808b9b5567ea6a1cadf1f607c6fdb08a94b88d2b8eb33a50f92854475130c8333d51a100e
-
SSDEEP
49152:ubA3jqYHNVf0jxYiwmy+FsT2vB+098DeDt7:ubrSfwGiwH+UYBt9bt7
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-