General
-
Target
b5dfa64f79e3272dd6ccb91a40a3206c.exe
-
Size
1.5MB
-
Sample
230329-m99kmsga54
-
MD5
b5dfa64f79e3272dd6ccb91a40a3206c
-
SHA1
ca02a91baa75c5e7ca5f0a5a28e3187ab87778e4
-
SHA256
68da9464f3455f8a65b4bc540f00c525ebf26a05cd6b07f1d5ad3e76f2f43469
-
SHA512
c9f32e08351f405d0c1bd40da364a9f30c494ade9a775039494d9ebbf1fa2835879ed333a2b5b6ea3e7d37bad815f00563f107c3aeeba7bd065be6ba96808289
-
SSDEEP
49152:Ug7eMAlDZSskPpc6r1deUNWiP3XtGfAGOw:UJMAlDAdPpF1YbifXtg9
Behavioral task
behavioral1
Sample
b5dfa64f79e3272dd6ccb91a40a3206c.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
b5dfa64f79e3272dd6ccb91a40a3206c.exe
Resource
win10v2004-20230221-en
Malware Config
Targets
Target
b5dfa64f79e3272dd6ccb91a40a3206c.exe
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-