General
Target: roblox3335.zip
Size: 5.0MB
Sample: 230222-1l5tfadg24
MD5: a55b5642f42f2d89eb1464e594cab10c
SHA1: 9441f0f2d5abec37c592460c5129e3180671d7c1
SHA256: 1a44d980ad4e809fa458251d28cbf53879a8d844d45eafbffc520d12cca67265
SHA512: bc3a583f8cbc374ac3331fb4f0580540f1519fb7b75c2cf6286594c41f793c99316de65295aa0b2c6b75de2ad383ad7de1393388f6fc1e843023283e9ae04494
SSDEEP: 98304:0/+LQ1LGquN40DUwHNIswpIC9mDP5yedQl9k+u2T0plnYxMOkwM4Y9:0/+LQlyNhUwtKpICwDPBoko0pxYWjd9

Behavioral task: behavioral1
Sample: Adopt me/Script.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: Adopt me/Script.exe
Resource: win10v2004-20230220-en

Malware Config

Targets
Target: Adopt me/Script.exe
Size: 722.0MB
MD5: 16e7b0ef894bbbf25921e821c3345494
SHA1: 293a85ad01ae13f7312cdebc60074dea5cb16531
SHA256: b77e54b53bfbc826658981fb3f200569bd6a16632d00d0ebb00176fa77a985db
SHA512: 359f8da700bea3c8274e4dc8d996660882a08e10cabe9d6207c02a42921603c57adfd2b4291da60b3791b499ceb905e0e861ec5986f896d607cdb3ab7a469ee3
SSDEEP: 24576:Bp11YGDkjwJsoGlWVwW25mKMc0uyEHcuhkypo9ePXEntalf3:BpfY5UsoGlqe5mKMc06kypSesI
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Executes dropped EXE

Suspicious use of SetThreadContext