General
-
Target
Extrude v1.rar
-
Size
1.2MB
-
Sample
230326-rj5k8agg68
-
MD5
7f6049eb13f0def8ecc2b24a7f192197
-
SHA1
b28503756867d0df88d153859d31a41340d4df67
-
SHA256
779944ef7b50dcc97c14b28c133b36f93c33299381e17ce80444562fdd82a79c
-
SHA512
99b44531770eec32f1c453c2085635687e663700491dbfff44e0c7ad4f2f64ca43b011204af7ac8de8796ee28d2b913d8c4d6253334133465723264c50270058
-
SSDEEP
24576:PcDxi5YA59TMJLvdVRLRfyW12l4v1hv8riCtE:th9TALpRfyEJNhU2
Behavioral task
behavioral1
Sample
Extrude.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
Target
Extrude.exe
-
Size
1.1MB
-
MD5
75b7f43476e40833c80636fa9e6b7ebc
-
SHA1
75849108978003895e774680549cad97edb215e9
-
SHA256
89b41e3a1d1feef8f7ada88762624d7bd92a8fc2d2a1549741ca83b6512c3ef1
-
SHA512
aa8ac4e5ac2bd9f605fca5275888bfa533701f3fddef7d5d6344a8957bbfe4385e6ccdf562b19e9e4c00eeed35792e1ced71ffb9c7a35eec5bf45e938a028a8a
-
SSDEEP
24576:P2G/nvxW3Wn0VZlQoCOXU/UUjxZXSzHifMw:PbA3pVZlQ7OXGX+zCZ
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-