General

Target: steamwebhelper.exe
Size: 1.6MB
Sample: 230322-b75ccsec33
MD5: e6e435597e9a91f52548a33b364dba80
SHA1: 1c330dcc94650ec6f595aaccf1e9cfa4195dcf53
SHA256: 269b3fc526f5af413ede05940c05111eeac1202bba4c5192c1a98f9f2d840038
SHA512: bc36669e8a2e7ca150e7b6d1a78c13fa5448aff8ac46c0bd2696319a34e318cd709e6f54ad9582f5972dfd431e9b3f30c4a3824c65d60fda5734babd8ac2f161
SSDEEP: 24576:JPp2ne4gESNDVVBfxUKcolRP6wx63uDYxrPiEBAhIo3njm482XralHLyKfmityU:JPonvSDVVj1cAcrPiEDo3jh82OlL7

Behavioral task: behavioral1
Sample: steamwebhelper.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: steamwebhelper.exe
Resource: win10v2004-20230220-en

Malware Config
Targets
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Drops file in System32 directory