General
-
Target
283d4591074d9d728baa8ae6378168d84ff14a659302a2f7a8d4f453814f5589
-
Size
2.7MB
-
Sample
230612-288dhsea79
-
MD5
5b758636a438eaaa325ab1c492e26a30
-
SHA1
f6e7f229e42aeb77d89bda656fe874fd42689b20
-
SHA256
283d4591074d9d728baa8ae6378168d84ff14a659302a2f7a8d4f453814f5589
-
SHA512
5c8dc5fb9ed0fa7e090328409a98b740f8335256e76959472440ace5e32ecd4420c7183c79fbeb9adf87f09b06eb9777e8ec836e5231c2b7306f002101774254
-
SSDEEP
49152:UbA30HyTxo3pRC11nSjOfVkrlktOe4esvPotWKSaY84r2xWh:UbbyTxo3WznSj0VkrloGPr/584rsW
Behavioral task
behavioral1
Sample
283d4591074d9d728baa8ae6378168d84ff14a659302a2f7a8d4f453814f5589.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
283d4591074d9d728baa8ae6378168d84ff14a659302a2f7a8d4f453814f5589.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-