General
- Target: 36debef0fda01710af9b0e7b6d990a37.bin.exe
- Size: 1.1MB
- Sample: 230322-ng2vrsgd96
- MD5: 36debef0fda01710af9b0e7b6d990a37
- SHA1: b74d79014b30d14abbfbc7adac9a9c2a484f51b9
- SHA256: 5d61d2fe577e2a1feac949e6ee980fc9589e4b9472bc4ae249e5d50371ce0e9a
- SHA512: a4fdeb9658b23abf6544344131d2504a72512773f9b041a1c83cee137bb248bf5ab28e11b07d21302fa54660e2eff8fb97f8c3b00d4c7cdee237c237f91befa4
- SSDEEP: 12288:7EOA56TrfgrfGA3hM6iM8QSArLmMcKDJW0lt6/9y4dne+qR/:o5IErf1hTP8ALrDc0lQ/9y4dne
Static task
- static1

Behavioral task
- behavioral1
  Sample: 36debef0fda01710af9b0e7b6d990a37.bin.exe
  Resource: win7-20230220-en

Behavioral task
- behavioral2
  Sample: 36debef0fda01710af9b0e7b6d990a37.bin.exe
  Resource: win10v2004-20230221-en
Malware Config

Targets
- Target: 36debef0fda01710af9b0e7b6d990a37.bin.exe
- Size: 1.1MB
- MD5: 36debef0fda01710af9b0e7b6d990a37
- SHA1: b74d79014b30d14abbfbc7adac9a9c2a484f51b9
- SHA256: 5d61d2fe577e2a1feac949e6ee980fc9589e4b9472bc4ae249e5d50371ce0e9a
- SHA512: a4fdeb9658b23abf6544344131d2504a72512773f9b041a1c83cee137bb248bf5ab28e11b07d21302fa54660e2eff8fb97f8c3b00d4c7cdee237c237f91befa4
- SSDEEP: 12288:7EOA56TrfgrfGA3hM6iM8QSArLmMcKDJW0lt6/9y4dne+qR/:o5IErf1hTP8ALrDc0lQ/9y4dne
Score: 10/10

Signatures
- DcRat
  DarkCrystal (DC) is a .NET RAT, active since June 2019, that is capable of loading additional plugins.
- Panda Stealer payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext