General
Target: New_Recodezip_ccKzm.exe
Size: 4.1MB
Sample: 230521-xnp9zseg2x
MD5: 1b86767c8010c15292ab4e908e78c816
SHA1: 5406e9382393e5bfbe8ab4e275a15d69b84b3c58
SHA256: 0571d4081865390f9eb34752c4cce3eb566271b199eb72669a9c5588b5ea0de7
SHA512: 1ffa8861a604882cf9b91675b74e43562164b3e905814c6bb5bb7fa375983ebd89c5731ca6fb49763f4c68e728eb122d4158bac36a6dc9b0efff2b2ffce18256
SSDEEP: 98304:hbbrvdAovVzr/11pPnQHdd0ZIc8vC1zKTTU:hZfr/11pP+ddwgvLTU
Behavioral task: behavioral1
Sample: New_Recodezip_ccKzm.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: New_Recodezip_ccKzm.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: New_Recodezip_ccKzm.exe
Score: 10/10
DcRat: DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
Checks computer location settings: Looks up country code configured in the registry, likely for geofencing.
Executes dropped EXE
Loads dropped DLL