Overview
overview: score 10
static: score 9
Adopt me/Core.dll (windows7-x64): score 1
Adopt me/Core.dll (windows10-2004-x64): score 1
Adopt me/P...rs.dll (windows7-x64): score 1
Adopt me/P...rs.dll (windows10-2004-x64): score 1
Adopt me/Script.exe (windows7-x64): score 10
Adopt me/Script.exe (windows10-2004-x64): score 10
Adopt me/config.dll (windows7-x64): score 3
Adopt me/config.dll (windows10-2004-x64): score 3
General
Target: a55b5642f42f2d89eb1464e594cab10c.bin
Size: 5.0MB
Sample: 230224-b4yqeabg4v
MD5: a55b5642f42f2d89eb1464e594cab10c
SHA1: 9441f0f2d5abec37c592460c5129e3180671d7c1
SHA256: 1a44d980ad4e809fa458251d28cbf53879a8d844d45eafbffc520d12cca67265
SHA512: bc3a583f8cbc374ac3331fb4f0580540f1519fb7b75c2cf6286594c41f793c99316de65295aa0b2c6b75de2ad383ad7de1393388f6fc1e843023283e9ae04494
SSDEEP: 98304:0/+LQ1LGquN40DUwHNIswpIC9mDP5yedQl9k+u2T0plnYxMOkwM4Y9:0/+LQlyNhUwtKpICwDPBoko0pxYWjd9
Behavioral task behavioral1
Sample: Adopt me/Core.dll
Resource: win7-20230220-en
Behavioral task behavioral2
Sample: Adopt me/Core.dll
Resource: win10v2004-20230220-en
Behavioral task behavioral3
Sample: Adopt me/Parametrs.dll
Resource: win7-20230220-en
Behavioral task behavioral4
Sample: Adopt me/Parametrs.dll
Resource: win10v2004-20230220-en
Behavioral task behavioral5
Sample: Adopt me/Script.exe
Resource: win7-20230220-en
Behavioral task behavioral6
Sample: Adopt me/Script.exe
Resource: win10v2004-20230220-en
Behavioral task behavioral7
Sample: Adopt me/config.dll
Resource: win7-20230220-en
Behavioral task behavioral8
Sample: Adopt me/config.dll
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: Adopt me/Core.dll
Size: 6.8MB
MD5: e3e91f6be2f9ae8b6b8f0b1cdf926d74
SHA1: f1909ccd04758a18697fb719501d8354895d1d1c
SHA256: b0035a21dda0b2a9671a01e6d29c1357f4c92010bdde48cc36619082c522b0a3
SHA512: 661e6a3eba7c4d691c8bca3fb8ab40c79250923bae860280a42e0f09e8aff2ca54d0fee0d3ae5cbd6b4b09d682d991a59db8fc63e455bfcc1a49332d3b80488f
SSDEEP: 196608:U7PqSpLdtGy2MdFzcbI9gM4XMtEM0A3sIFnuI:6qSlGy2gzLgMvtUKN
Score: 1/10
Target: Adopt me/Parametrs.dll
Size: 68KB
MD5: 92b4ecb0d175e28d32e84d7c10d5a770
SHA1: 183e18767a66f6717493486a42920b22b6b0387e
SHA256: 7929fc7a6b6aeccbde7922152b3333c04dc2b27ab91f61fc3e8f282bb1db34bf
SHA512: bf36ff70d87c4d0e7f0879732b1f300cff449cf7bbe7ba94bcea14137bd52dfd2535fbfb4f5e03ee5e787ecdb5808baea0ea8f960a7d367b865d0bee43323885
SSDEEP: 768:pKwClM3qPqyPq/5FXGX+CU1Y68zvg5CPYifvsFdoKD8JMxRZcEOjN1nhoCS:pK7IqyyPW32hUezE5i+gQotjNboJ
Score: 1/10
Target: Adopt me/Script.exe
Size: 722.0MB
MD5: 16e7b0ef894bbbf25921e821c3345494
SHA1: 293a85ad01ae13f7312cdebc60074dea5cb16531
SHA256: b77e54b53bfbc826658981fb3f200569bd6a16632d00d0ebb00176fa77a985db
SHA512: 359f8da700bea3c8274e4dc8d996660882a08e10cabe9d6207c02a42921603c57adfd2b4291da60b3791b499ceb905e0e861ec5986f896d607cdb3ab7a469ee3
SSDEEP: 24576:Bp11YGDkjwJsoGlWVwW25mKMc0uyEHcuhkypo9ePXEntalf3:BpfY5UsoGlqe5mKMc06kypSesI
Score: 10/10
DcRat: DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext
Target: Adopt me/config.dll
Size: 940KB
MD5: 9c861c079dd81762b6c54e37597b7712
SHA1: 62cb65a1d79e2c5ada0c7bfc04c18693567c90d0
SHA256: ad32240bb1de55c3f5fcac8789f583a17057f9d14914c538c2a7a5ad346b341c
SHA512: 3aa770d6fba8590fdcf5d263cb2b3d2fae859e29d31ad482fbfbd700bcd602a013ac2568475999ef9fb06ae666d203d97f42181ec7344cba023a8534fb13acb7
SSDEEP: 24576:FkZ+EUPoH5KTcAxt/qvRQdxQxO61kCS9mmWymzVPD:FkMAlM8ixQI5C6wl
Score: 3/10