General
-
Target
0a3346f8e23808d303382d4b64b8524f.exe
-
Size
1.6MB
-
Sample
230326-k5la5saa21
-
MD5
0a3346f8e23808d303382d4b64b8524f
-
SHA1
2fc25432b9a10c911a238800091fb786454e371e
-
SHA256
54d7bc30cd4f413106c5b57e5b29ea7ec560fccafdf08a4b8d7182715f4a3f94
-
SHA512
6ddfe6e02cabcecd0b8b55371220364990309209f5a1b0e506ddfe31f4085f5d2f4b59df199b06cb808cb233a77f9f5c10daa082570889ba26db80d0c0db5e63
-
SSDEEP
24576:lTBTsIBMNjnNNOhAe/S0o16wqw1fxocelLqd2HkPPcKbcI6Bw7Azuu0+k+51rFkP:+4lqcKsesqu0Lk9ObVS
Static task
static1
Behavioral task
behavioral1
Sample
0a3346f8e23808d303382d4b64b8524f.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
0a3346f8e23808d303382d4b64b8524f.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
0a3346f8e23808d303382d4b64b8524f.exe
Score 10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-