General
Target: d9552d49aa4d61f13900f23c9db7f1d724b3fc312075c7963591d79dcc4cbbcb
Size: 1.7MB
Sample: 230324-w1rg5sge47
MD5: 37bfaf74ab56df532afab6cb84592417
SHA1: 7bca3a29bbc23040259b6abb84eea1a4b979ceaa
SHA256: d9552d49aa4d61f13900f23c9db7f1d724b3fc312075c7963591d79dcc4cbbcb
SHA512: 76ebcc6a8427aff38c0d517c8e08389b96302eec74261cd25cdefa6dd0b69282b27ed933d0ae106ac40b08e3be2b1bdc0333801d4c2d657da88bec8204fde234
SSDEEP: 24576:3VJjECP6qVdNK3erYnMR+3FQl4jGgPsu2+yHm5gHHOoyt6oNbGDC:XeMSQlkGgPT2cUOd6oMDC
Static task: static1
Behavioral task: behavioral1
Sample: d9552d49aa4d61f13900f23c9db7f1d724b3fc312075c7963591d79dcc4cbbcb.exe
Resource: win10v2004-20230221-en
Malware Config
Targets
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext