General
-
Target
a04547b4b2135cb2a6679397b6ceebbd.exe
-
Size
2.1MB
-
Sample
230329-klfasahb6s
-
MD5
a04547b4b2135cb2a6679397b6ceebbd
-
SHA1
575a41564360e3f33937b95ff20951f67815340b
-
SHA256
b3a3bdf098e5f594e648d057b76c611459fee806603aeb6b4e8acd94c345f885
-
SHA512
47355bd76cc62ff6d9bb5a83a065b154e62134f572b3a2039a2b12c7010a2d71324e70c530586c89803e1cc6eeb780c253fbb1287cdc63a69ce8623c29f5a87d
-
SSDEEP
49152:WP6CjZbUzbbniWNQ0uoKoBDfMXx+542856s8lRMZsMH:WP6eUjRipr2DfMh+K6plZM
Behavioral task
behavioral1
Sample
a04547b4b2135cb2a6679397b6ceebbd.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
a04547b4b2135cb2a6679397b6ceebbd.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
Target
a04547b4b2135cb2a6679397b6ceebbd.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Drops file in System32 directory
-