General
-
Target
6490f4a648091c430e36cae757cb5cc8c78a0963746ab5e164cc4f7be7c2295d
-
Size
2.5MB
-
Sample
230612-3jq9daeg3t
-
MD5
59b19c64feab46b3f0800fc5b345e526
-
SHA1
f3257aad36339823070f67d2b45e3435a14888f6
-
SHA256
6490f4a648091c430e36cae757cb5cc8c78a0963746ab5e164cc4f7be7c2295d
-
SHA512
2cb114822f2627721bb9dbb644655de19683882da90e3548f669efdf8421f92051d5649b4ea952df165d4ebeed9007213583577bb008950c7a25b815593f6ccb
-
SSDEEP
49152:UbA30Aurm+tznMLTqmfNb8WDZPmiLrgqxKX0qvTaMyfsY1l:Ubf5g/59TDZPmqr3Kh5yfsYj
Behavioral task
behavioral1
Sample
6490f4a648091c430e36cae757cb5cc8c78a0963746ab5e164cc4f7be7c2295d.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
6490f4a648091c430e36cae757cb5cc8c78a0963746ab5e164cc4f7be7c2295d.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
Target
6490f4a648091c430e36cae757cb5cc8c78a0963746ab5e164cc4f7be7c2295d
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-