General
-
Target
a2ea8c0f0b809338bc212b9dce4169c6.exe
-
Size
1.8MB
-
Sample
230611-dz6lkage25
-
MD5
a2ea8c0f0b809338bc212b9dce4169c6
-
SHA1
2055d655fdc1da4d9090871b90a12a7d6f749d7d
-
SHA256
7b1c20701d541771b5819005700826712f27970a335dda7cf150e2564802d515
-
SHA512
e6fed299bc4590e94b9ec25c7ba16ee974b738961c8899ff670e7a5c6560361038ad5e970ddd207c90316455363d943a95b8afc5416b8dfcd755fc133f49e60e
-
SSDEEP
24576:26DZpO9y7b5UC4iSiLryeCB7sDmJEtQNUdvnCYjOjO45CT8xBVZHUnc9v8E99JG1:NDDHVHQNM1rcBUczNGHV
Static task
static1
Behavioral task
behavioral1
Sample
a2ea8c0f0b809338bc212b9dce4169c6.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
a2ea8c0f0b809338bc212b9dce4169c6.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
Target
a2ea8c0f0b809338bc212b9dce4169c6.exe
-
Score 10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Modifies WinLogon for persistence
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-