General
Target
file.exe
Size
897KB
Sample
230612-rk4qbada6t
MD5
3a68a2cbeb827588f3749568b121a79b
SHA1
a40fc3b0c547826353088baf247b379f1e10f25d
SHA256
2ab209c8b13fc820c0f2cd15de422053e94e2ca02b939ff97eeb2abceb5bb810
SHA512
7ab8bb1605cfed214d05c6dac5dc05df0b66c90e7abe67629e8c879483d5f2784edae832f48acfc92c968a3da1f13e76e5db699890ed85b0c00bb551e0e70b7d
SSDEEP
12288:x7Gmaojeh4hLyhLk9el5ih7XrIqEMbs0qFvPrVc8Ml1T5J4rNl99uF04r4hZZ1v6:MTMYP2tP4CKdKh
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
Target
file.exe
Score
10/10
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
Drops file in System32 directory
Suspicious use of SetThreadContext