General
-
Target
1123.exe
-
Size
897KB
-
Sample
230611-n3939shg3x
-
MD5
06409dadc1de88902ef4ee3a52a8ee32
-
SHA1
c3eafe64486449fd91fe14c97140f62231e089f2
-
SHA256
1fd5d481650e7754e8074857fe4ac6b14090633761545b752fdae7687bab3d48
-
SHA512
8bfb0ea9c226e0ffc81cdeb35061f2ee15e64105942474e4f1265738a5c6d288fe8454055612ca1c1fb07d2ccdf34a58a9c0c3aaa3bd28408a3bf08e7b8361f0
-
SSDEEP
24576:4N2GPz+l7EycMncfkkacNPDxeUJUAEsyf1ER3JQ:45MAE5qy
Static task
static1
Behavioral task
behavioral1
Sample
1123.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1123.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
1123.exe
-
Size
897KB
-
MD5
06409dadc1de88902ef4ee3a52a8ee32
-
SHA1
c3eafe64486449fd91fe14c97140f62231e089f2
-
SHA256
1fd5d481650e7754e8074857fe4ac6b14090633761545b752fdae7687bab3d48
-
SHA512
8bfb0ea9c226e0ffc81cdeb35061f2ee15e64105942474e4f1265738a5c6d288fe8454055612ca1c1fb07d2ccdf34a58a9c0c3aaa3bd28408a3bf08e7b8361f0
-
SSDEEP
24576:4N2GPz+l7EycMncfkkacNPDxeUJUAEsyf1ER3JQ:45MAE5qy
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-