General
Target: fdbe49572379a183c6cd1ea7f47a9d0b4d84dddb6a9b7b7b63af0b2828c25e5a
Size: 1.6MB
Sample: 230612-3l3p7aeb87
MD5: ed6058f48136844f74532fa1f04847df
SHA1: 5af64b0ac026e8f0eefe963c3041f6f988d4a7fa
SHA256: fdbe49572379a183c6cd1ea7f47a9d0b4d84dddb6a9b7b7b63af0b2828c25e5a
SHA512: 1f499f10e5e04cc0e3f5c0f7396e97b7213d270f3c70b2de420653f5a9c9e7cfbb076f80bc1fe113c4ad627848d5f6babca5f1cf1ddcf2e0ee78b7e7a3f0892a
SSDEEP: 49152:m1PixHoD837gw7jtXEC3h6j0AKnudlmW:m1qqyLftTh2DR
Static task: static1

Behavioral task: behavioral1
Sample: fdbe49572379a183c6cd1ea7f47a9d0b4d84dddb6a9b7b7b63af0b2828c25e5a.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: fdbe49572379a183c6cd1ea7f47a9d0b4d84dddb6a9b7b7b63af0b2828c25e5a.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: fdbe49572379a183c6cd1ea7f47a9d0b4d84dddb6a9b7b7b63af0b2828c25e5a
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Downloads MZ/PE file

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Suspicious use of SetThreadContext