General
-
Target
1d2baaf9bf7cad310fdc1d7d171f5967f9b1c51bf277bde74b351cad1c45af19
-
Size
264KB
-
Sample
230327-yct98sha2x
-
MD5
5028754736b592a4ea2be83eb8351e2e
-
SHA1
23dd444f6a05c07bb7fdd4a74417683199055283
-
SHA256
1d2baaf9bf7cad310fdc1d7d171f5967f9b1c51bf277bde74b351cad1c45af19
-
SHA512
63e3bf3bcf9369719f2c86cbbf3f22f802b77498db1ac47961f1865b99e0c600f50a23ab63e555b0f4c091d327bcc8e2e8fd997c515c29e2f33c79460c7539de
-
SSDEEP
3072:79BRraw+dmuDhLQuGzIi7H+vsQODbQ1md7/+gQ6ke4bR+1MBexgbpd5iNZCU3wsd:nlawhuDhLK7+hEbWw72b6ke4t2MBQr3
Static task
static1
Behavioral task
behavioral1
Sample
1d2baaf9bf7cad310fdc1d7d171f5967f9b1c51bf277bde74b351cad1c45af19.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
smokeloader
sprg
Extracted
smokeloader
2022
http://hoh0aeghwugh2gie.com/
http://hie7doodohpae4na.com/
http://aek0aicifaloh1yo.com/
http://yic0oosaeiy7ahng.com/
http://wa5zu7sekai8xeih.com/
Targets
-
-
Target
1d2baaf9bf7cad310fdc1d7d171f5967f9b1c51bf277bde74b351cad1c45af19
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-