General
-
Target
316fb0649b8103b7a2a44c96db309cdb3107b0936f7c9cfe313ab771f22ba07a
-
Size
1.9MB
-
Sample
230612-3hqlfsef9z
-
MD5
66c4758d270f2a52ab990220c431a25d
-
SHA1
c979bf6c0f8a6d2fd628e0d3440e8575a1753b28
-
SHA256
316fb0649b8103b7a2a44c96db309cdb3107b0936f7c9cfe313ab771f22ba07a
-
SHA512
ff6cb410dbb795ca5f25f3d480e841f606cab95db6e6ff64c942f1a998e4b229d57cae67e73f77ae828bf8f5d74ffc2d50acbf9158d7b0f5eedb54752c9c18ba
-
SSDEEP
24576:U2G/nvxW3Ww0tcO85CcCWsR0y2VeODD+BHgAANI0ZWWhmmOjkAGcE+gtzuEzs:UbA3045Ls6peLBmNI0ZWWhb1JgG5I
Behavioral task
behavioral1
Sample
316fb0649b8103b7a2a44c96db309cdb3107b0936f7c9cfe313ab771f22ba07a.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
316fb0649b8103b7a2a44c96db309cdb3107b0936f7c9cfe313ab771f22ba07a
-
Size
1.9MB
-
MD5
66c4758d270f2a52ab990220c431a25d
-
SHA1
c979bf6c0f8a6d2fd628e0d3440e8575a1753b28
-
SHA256
316fb0649b8103b7a2a44c96db309cdb3107b0936f7c9cfe313ab771f22ba07a
-
SHA512
ff6cb410dbb795ca5f25f3d480e841f606cab95db6e6ff64c942f1a998e4b229d57cae67e73f77ae828bf8f5d74ffc2d50acbf9158d7b0f5eedb54752c9c18ba
-
SSDEEP
24576:U2G/nvxW3Ww0tcO85CcCWsR0y2VeODD+BHgAANI0ZWWhmmOjkAGcE+gtzuEzs:UbA3045Ls6peLBmNI0ZWWhb1JgG5I
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-