General
-
Target
10643700066.zip
-
Size
17.5MB
-
Sample
230607-epkf1shd4s
-
MD5
57b6b5144a3fd68aeb07a583f7c96a62
-
SHA1
14c9bfebe3938151056e39a6ec7a9205e9679736
-
SHA256
37b1874b580fc0c5896b06bd5ae855d66d15ab2be63408c0bda9dbd9441c0b13
-
SHA512
4e0b6353acb98db2183f1d25c331eb0d1524cbe3753b5415059cf8aee6c69c25dd79c6f4e02c29180cce91176b24430d427acb8fb92da8cebfe2e57f19bda6c4
-
SSDEEP
393216:KYR1fCQTdf/oQrI8zpu9GUnIGfIM0l87f8X3Nwt:KYTC8df/FU8luHXfIMMT3ut
Behavioral task
behavioral1
Sample
AllergiesList/Allergies List and Allowed Substances.numb05151.pdf.scr
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
AllergiesList/Allergies List and Allowed Substances.numb05151.pdf.scr
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
AllergiesList/Allergies List and Allowed Substances.numb05151.pdf.scr
-
Size
920.3MB
-
MD5
491c5ac82977262ef24bd22ad312c622
-
SHA1
1f0555370f07e94182059701f63e940429757157
-
SHA256
ea770032c44e773b9c9865d4ff3bfb10f76b003ace1bbfbe45755ffff227e5fe
-
SHA512
a9974fe623a979e12d8493200f36aa4aab5763ea97ed4d5924fb1f579038d686bb10d789d576343ce4ca4c8a4657ed9404b7ffb52f701f6f880eb75e766f6734
-
SSDEEP
393216:rc8yiMPNWZV4nXF12elEA7YKsHES/Sl50l:rcOMPNWTM2elpBtSwW
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-