General
-
Target
file.exe
-
Size
3.6MB
-
Sample
230526-3kz8nshe99
-
MD5
58057d76d2404da3d52d975004a59be8
-
SHA1
9066c61f5ac3c452836e48d6852950ff480d4904
-
SHA256
1adae771c3a7056ccc55bb3805a43d8560b8117007403021d9a0799178a38d32
-
SHA512
1740c1d59e909ecf4ab42e7510943ca5b47cf35ab6f1d5f91a17a53ba1e9fd50749f9142bb4d9ca651064df3bcd0894e0d4725950df3d8a333d0373872f90faf
-
SSDEEP
98304:Jm5nQObELIj/j1Kb4E3+F7iBaUf8Lt/wZDMcFdD5cuJP3:Jm9QDL2/UL+xdLOZhD5c6P3
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
file.exe
-
Size
3.6MB
-
MD5
58057d76d2404da3d52d975004a59be8
-
SHA1
9066c61f5ac3c452836e48d6852950ff480d4904
-
SHA256
1adae771c3a7056ccc55bb3805a43d8560b8117007403021d9a0799178a38d32
-
SHA512
1740c1d59e909ecf4ab42e7510943ca5b47cf35ab6f1d5f91a17a53ba1e9fd50749f9142bb4d9ca651064df3bcd0894e0d4725950df3d8a333d0373872f90faf
-
SSDEEP
98304:Jm5nQObELIj/j1Kb4E3+F7iBaUf8Lt/wZDMcFdD5cuJP3:Jm9QDL2/UL+xdLOZhD5c6P3
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-