General
-
Target
Idle.exe
-
Size
2.5MB
-
Sample
230612-t7d5aada65
-
MD5
75136c00a06c6ee8c30e8a969fac27a9
-
SHA1
d4d02785c465a544573f6d113849d48f2ad35fed
-
SHA256
28c79c3f0bd6ee03025e4e4f61a2d25a00bebc0b1d3776bfabc824fc49013fcf
-
SHA512
187385d74f340932ba2b46970846e72f0da058a29f49a50879edde3aef17dc910ca49fb0ae24cc2d49745cd1f21c4450aa4f3d258b8a129918a51b217506af2d
-
SSDEEP
49152:M2bjYDwitkxyOO1dHyWOdewRrirxMjvQI7OAax3B:MgjMJ2dyrybQI7Qz
Behavioral task
behavioral1
Sample
Idle.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Idle.exe
Resource
win10v2004-20230221-en
Malware Config
Targets
-
-
Target
Idle.exe
-
Size
2.5MB
-
MD5
75136c00a06c6ee8c30e8a969fac27a9
-
SHA1
d4d02785c465a544573f6d113849d48f2ad35fed
-
SHA256
28c79c3f0bd6ee03025e4e4f61a2d25a00bebc0b1d3776bfabc824fc49013fcf
-
SHA512
187385d74f340932ba2b46970846e72f0da058a29f49a50879edde3aef17dc910ca49fb0ae24cc2d49745cd1f21c4450aa4f3d258b8a129918a51b217506af2d
-
SSDEEP
49152:M2bjYDwitkxyOO1dHyWOdewRrirxMjvQI7OAax3B:MgjMJ2dyrybQI7Qz
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-