General
-
Target
10637632580.zip
-
Size
16.0MB
-
Sample
230607-es72gsgg93
-
MD5
e4e46b27b24482068456340ae2a8b42e
-
SHA1
6d088ee1b1771b05277970153f6cfa246981c1bb
-
SHA256
e0f0fd5df01c90110329854591ddacbfcb4bf63dafc2a3afab43d7107a5f7534
-
SHA512
2cbab323301212ad7f26c0eda0d4c27aa38a63bbaf5d0afba26957c79a991aa69cf65643d16f46956fc69c647c170ecbe75a16d86a6a20a83d581b1f661cfd54
-
SSDEEP
393216:3qZq4jjJ57Sayn/2MEST4JCGeJQxR4iYlPEnYB/fMLYdt:qrjjH7SaQ14BearnkPBnbdt
Malware Config
Targets
-
-
Target
Allergies List and Allowed Substances.numb05151.pdf.scr
-
Size
920.3MB
-
MD5
491c5ac82977262ef24bd22ad312c622
-
SHA1
1f0555370f07e94182059701f63e940429757157
-
SHA256
ea770032c44e773b9c9865d4ff3bfb10f76b003ace1bbfbe45755ffff227e5fe
-
SHA512
a9974fe623a979e12d8493200f36aa4aab5763ea97ed4d5924fb1f579038d686bb10d789d576343ce4ca4c8a4657ed9404b7ffb52f701f6f880eb75e766f6734
-
SSDEEP
393216:rc8yiMPNWZV4nXF12elEA7YKsHES/Sl50l:rcOMPNWTM2elpBtSwW
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-