General
-
Target
231efb7ab5b36cda91e06456480228c1.exe
-
Size
1.3MB
-
Sample
230608-kzfhpsdd79
-
MD5
231efb7ab5b36cda91e06456480228c1
-
SHA1
11edb782a254ead91bef459fb4dac0ca393ffeaf
-
SHA256
5d876dee883aabe22c89e9332d18d41580e7dc5c5030be843538b5a11c053a1d
-
SHA512
c51446bf048412031b5ea5c09b55b8c1ba8d3319eaf84cda647c0048f919a9f408220200ae1d405acd54557af9626a91e03789573a556ccafea9b7bfbcec2017
-
SSDEEP
24576:9urfikuV13mFFkwIuKOaZDIpw6P/KlBrJ/GB+8xNEJn:eiku13qF1jtpwG/KR/YxNEJ
Behavioral task
behavioral1
Sample
231efb7ab5b36cda91e06456480228c1.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
231efb7ab5b36cda91e06456480228c1.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
231efb7ab5b36cda91e06456480228c1.exe
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-