General
-
Target
bd405c747252120fe56aa8734d40df8b.exe
-
Size
2.0MB
-
Sample
230611-2h8xcsag7x
-
MD5
bd405c747252120fe56aa8734d40df8b
-
SHA1
e11ae735a5d76f19b1ae0a65bcd052af7ff2ad25
-
SHA256
4ae98d07149ba3a2d9e00594f4da6e65c0386a6e95c0fb168a05607cbb0d2a65
-
SHA512
bb9f670e76afa2c826bf123eeb77cf80d0139b6cb3353b898d0513392e3e51c772397ebea1abb7d831cc651c61b447bdf61bfdcfe38b8f8064498ea2b4f953a3
-
SSDEEP
49152:ABRhIjunt9Tj8sgDwKynOnMm7FM0RYB6XWaXyewLI49:aU6XH9nmlRgcyewLI49
Static task
static1
Behavioral task
behavioral1
Sample
bd405c747252120fe56aa8734d40df8b.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
bd405c747252120fe56aa8734d40df8b.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
bd405c747252120fe56aa8734d40df8b.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-