General
-
Target
0edf51664b0a45acdce457d9a8cdc386.exe
-
Size
8.5MB
-
Sample
230615-lrmgqaff9y
-
MD5
0edf51664b0a45acdce457d9a8cdc386
-
SHA1
d7b0fbca408089089dc4cbf6482bac3599d9fba0
-
SHA256
67eeefd5e0497fbdc04b51cfbb76efae169c3875c67620ebaa13c62ece5edf15
-
SHA512
0cf3b0d3568c5cf3f442bee42bdbfccb5e576fa1f5abb14f2a1427dc3d85d54c5b55d3df75ea9dc39d2bc3c688fa4ede24663ff7af7e66debd474b26aa2fad2d
-
SSDEEP
196608:Ck6YzLe5c91ELY0JDfyGZ21X5Sp6GemDMPwuWJYPnkRo:PLt96Y0JDfD0pfaMPWTo
Behavioral task
behavioral1
Sample
0edf51664b0a45acdce457d9a8cdc386.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
0edf51664b0a45acdce457d9a8cdc386.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
0edf51664b0a45acdce457d9a8cdc386.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-