General
Target: d65fdeff64de39aecb66d54b9507dbda3a73b35d58311294d5867117e93e0b48.exe
Size: 2.9MB
Sample: 230521-z6xswsfc9v
MD5: 2ca3bafc7886b966e722a487e9ebb777
SHA1: cd1e4658d593e53bee15594c58be888436ce4176
SHA256: d65fdeff64de39aecb66d54b9507dbda3a73b35d58311294d5867117e93e0b48
SHA512: 58876c4383f7873134c5d4b4ca13881ad22d4f9c566af98fdc1221c0c5c2fb13bc02723ff34d63c12be6e76025397bff95b37c25fdb96350dbff325b3f71d2f8
SSDEEP: 49152:LInicyfxXlMoAlSmEfqV62QVc7921m1ryrjFkcVQBRE6:Lkyl6KUtPGr3L
Static task: static1
Behavioral task: behavioral1
Sample: d65fdeff64de39aecb66d54b9507dbda3a73b35d58311294d5867117e93e0b48.exe
Resource: win7-20230220-en
Malware Config
Targets
Target: d65fdeff64de39aecb66d54b9507dbda3a73b35d58311294d5867117e93e0b48.exe
DcRat: DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
Possible privilege escalation attempt
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Modifies file permissions