General
-
Target
9943942BF1ECA23FF0436ACD54810DC44DFF46CA3A8AC.exe
-
Size
1.1MB
-
Sample
230325-h9h1gadh2x
-
MD5
b85703c0702978331fc74eabbaac9eaa
-
SHA1
866687b8ae839026dd450da4503129a68943dfe8
-
SHA256
9943942bf1eca23ff0436acd54810dc44dff46ca3a8ac3e71d99152e52ae87d4
-
SHA512
f5c995d4a3f627781c844d2982bf420a3fd631fb1df0951a8c168ea648f3d52ad033f8413e1acb390fbfea2666a71a7918a4612a0cbed3f6ad9abf1b5a4a7452
-
SSDEEP
12288:KvP1CSBQksGMBHEf+5GRKvtqfnfxfH1v+5UW2CBxoyIYO3NQefsUZL+0w0qn4:KESBjfRKoffx9QfISeU/0w0+4
Behavioral task
behavioral1
Sample
9943942BF1ECA23FF0436ACD54810DC44DFF46CA3A8AC.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
9943942BF1ECA23FF0436ACD54810DC44DFF46CA3A8AC.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
9943942BF1ECA23FF0436ACD54810DC44DFF46CA3A8AC.exe
-
Size
1.1MB
-
MD5
b85703c0702978331fc74eabbaac9eaa
-
SHA1
866687b8ae839026dd450da4503129a68943dfe8
-
SHA256
9943942bf1eca23ff0436acd54810dc44dff46ca3a8ac3e71d99152e52ae87d4
-
SHA512
f5c995d4a3f627781c844d2982bf420a3fd631fb1df0951a8c168ea648f3d52ad033f8413e1acb390fbfea2666a71a7918a4612a0cbed3f6ad9abf1b5a4a7452
-
SSDEEP
12288:KvP1CSBQksGMBHEf+5GRKvtqfnfxfH1v+5UW2CBxoyIYO3NQefsUZL+0w0qn4:KESBjfRKoffx9QfISeU/0w0+4
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-