General
-
Target
8136421aa9596cb02a6c30a99b376db5.bin
-
Size
947KB
-
Sample
230611-b1r4fsha4s
-
MD5
3bd0f902285c90f9755cdc25dbb8e2cd
-
SHA1
c846379891cd4bfe98937b6f444dd21b00280d7a
-
SHA256
d901f6a4277040be44303bef1547d0c754833b7b790fa05384ea2888fffb7185
-
SHA512
06b046bdce7651284221572db40e6600bcf8888e585c5091ffa7164b77132e52dce17049b793cc863707f8b2b10a4f45b70a0b11ba4acf186a700d2517ce21a6
-
SSDEEP
24576:p2EZzLXIb75kvnSCjRUrqK0tXPQjLs97YykHOTHb6fHrOT:pVLYb+/SuRU7sXPQjZuLb6fLOT
Static task
static1
Behavioral task
behavioral1
Sample
71becff3e0037cf61458f416ee026d4c6db0a25ffb2d42b6a0eecad381825cb8.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
71becff3e0037cf61458f416ee026d4c6db0a25ffb2d42b6a0eecad381825cb8.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
71becff3e0037cf61458f416ee026d4c6db0a25ffb2d42b6a0eecad381825cb8.exe
-
Size
3.4MB
-
MD5
8136421aa9596cb02a6c30a99b376db5
-
SHA1
a4866f30925441944eb06e9540fd8740a7302b84
-
SHA256
71becff3e0037cf61458f416ee026d4c6db0a25ffb2d42b6a0eecad381825cb8
-
SHA512
a6b2fcb864ecc6b10a2a08373d12d8f59f16e9ca22b1b014c2326807a1bb90ab84e1a0b9afd637a408c179f9025eee28f017e35bf6543fb59e06a12c9860bf8c
-
SSDEEP
24576:0BgrBN6i/BEuM75fCJaBSDVdMYHl6I4H8ykD3A:yIWqgBSDAYHl4cykD3A
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-