General
Target: 9E58D61752C75CE86ABC03005F0C75D9E2CF8218A5245.exe
Size: 1.1MB
Sample: 230601-pck7wsee7t
MD5: ba182fd81a486ddb460723be522ce562
SHA1: 5dc2ad0fa9c62f91ecae3322d433640694248023
SHA256: 9e58d61752c75ce86abc03005f0c75d9e2cf8218a5245d84ccc9abd9fe7a265d
SHA512: 077c9beda4f04f5c472f5699ceaee7f3bd0ffed3272c24ce2ace2a926d003f5a2a7e75f7ecc5c1b98ccd8be0c486de97e98cb80965d5b94b46cdd453378df398
SSDEEP: 24576:G4VHpBN/oi3FLVAdz3+H1jGt/OzwiI6bHeWsgFFNhtA:G4BpwiVRVjGJfuKWsgFLht
Behavioral task: behavioral1
Sample: 9E58D61752C75CE86ABC03005F0C75D9E2CF8218A5245.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 9E58D61752C75CE86ABC03005F0C75D9E2CF8218A5245.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: 9E58D61752C75CE86ABC03005F0C75D9E2CF8218A5245.exe
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE