General
-
Target
71becff3e0037cf61458f416ee026d4c6db0a25ffb2d42b6a0eecad381825cb8
-
Size
3.4MB
-
Sample
230609-mrqd2sbh57
-
MD5
8136421aa9596cb02a6c30a99b376db5
-
SHA1
a4866f30925441944eb06e9540fd8740a7302b84
-
SHA256
71becff3e0037cf61458f416ee026d4c6db0a25ffb2d42b6a0eecad381825cb8
-
SHA512
a6b2fcb864ecc6b10a2a08373d12d8f59f16e9ca22b1b014c2326807a1bb90ab84e1a0b9afd637a408c179f9025eee28f017e35bf6543fb59e06a12c9860bf8c
-
SSDEEP
24576:0BgrBN6i/BEuM75fCJaBSDVdMYHl6I4H8ykD3A:yIWqgBSDAYHl4cykD3A
Static task
static1
Behavioral task
behavioral1
Sample
71becff3e0037cf61458f416ee026d4c6db0a25ffb2d42b6a0eecad381825cb8.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
71becff3e0037cf61458f416ee026d4c6db0a25ffb2d42b6a0eecad381825cb8.exe
Resource
win10v2004-20230221-en
Malware Config
Targets
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-