General
Target: 58fed568080018ec2f41b2461b7c5dd6.bin
Size: 990KB
Sample: 230522-blakvsdc56
MD5: fc2fb74e52b63cb16ff027ec105edfeb
SHA1: d562ea5d064cbbf551bc7f5c46689fb92ddcc3b7
SHA256: 926f1e477e9b51081f5ec58351b6913299d4878e91f976705a3a77f2fb3bc924
SHA512: 9fbd9310afbfd0aadc4ef62da650dddd853188f3af3fa70f8a0b5e0bf623f762df931f4e558d05322f5cfbcc1d415493eeee8323aab249562e5d362593d8c532
SSDEEP: 24576:euhi0moxvLPASvv4FGBwjkAtuabaykOkGYgUievz:TmOEj22NhuNOFYxiuz
Static task: static1
Behavioral task: behavioral1
Sample: bd8e3c6dde0d469b97780ad57d4fbd759f21774f9716fa8d600c0b0460bc10ea.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: bd8e3c6dde0d469b97780ad57d4fbd759f21774f9716fa8d600c0b0460bc10ea.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: bd8e3c6dde0d469b97780ad57d4fbd759f21774f9716fa8d600c0b0460bc10ea.exe
Size: 1.8MB
MD5: 58fed568080018ec2f41b2461b7c5dd6
SHA1: cf2113543fb2d9a14774399876a69fb3b9bdfecd
SHA256: bd8e3c6dde0d469b97780ad57d4fbd759f21774f9716fa8d600c0b0460bc10ea
SHA512: 06433ab4aa9e17edaa2bae18b9f6e10eb08a2b0ec4103f04ad99ed4225a83bb28a905e6ce4b1baaf9a84ecd3c808bf97f60a5d9cd534789ac9f3756c9383b0f0
SSDEEP: 24576:63YTdC5hmZmu81pFyOc5NzJkawKlmR25MALfyJjV/:BTdC+Lo8OgV9xmjz/
Score: 10/10
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext