General
-
Target
Allergies List and Allowed Substances.numb05151.pdf.zip
-
Size
16.6MB
-
Sample
230614-and6dscd27
-
MD5
d3bb51283dcf2658026fbdacdf3df32e
-
SHA1
a05f9a6bd29a4b28066dc6b1575fa4945ef86650
-
SHA256
cd83427b301bad7fc71f23cb121a4c41483b2f0278c54e9595583e8f2865f004
-
SHA512
b80b527cb7fb762d78893be87fe00f6827418cfde6be4ba929d1ba725f0d2c06e0cf861a93fc90bb20161a2edf30162e29ff10c344bb582a897664ffe30f2ad0
-
SSDEEP
393216:z7xPhHoZMb512lSjxU9LVbRyCqBYa5o4CPMscWpmmaivTCzn:/lhH7Ljj2FhcG4Njy2ivAn
Malware Config
Targets
-
-
Target
Allergies List and Allowed Substances.numb05151.pdf.scr
-
Size
920.3MB
-
MD5
491c5ac82977262ef24bd22ad312c622
-
SHA1
1f0555370f07e94182059701f63e940429757157
-
SHA256
ea770032c44e773b9c9865d4ff3bfb10f76b003ace1bbfbe45755ffff227e5fe
-
SHA512
a9974fe623a979e12d8493200f36aa4aab5763ea97ed4d5924fb1f579038d686bb10d789d576343ce4ca4c8a4657ed9404b7ffb52f701f6f880eb75e766f6734
-
SSDEEP
393216:rc8yiMPNWZV4nXF12elEA7YKsHES/Sl50l:rcOMPNWTM2elpBtSwW
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-