General
-
Target
ab9ef2978e455e876ee9bec3807a9ae6.exe
-
Size
2.3MB
-
Sample
230703-c7xsysff5y
-
MD5
ab9ef2978e455e876ee9bec3807a9ae6
-
SHA1
830027727cbc9b2747571d607da399e90443d578
-
SHA256
c8da211ca281d957b12a406335603a4710803015a58710b1a36ca64605f8cd00
-
SHA512
29951722226683b7ad0cb97f815be2d69350317a5351234a4378f27a62d82b7b9696f2d2bbca2e5691401c57d6a209b6e12501a4a33e0185e7f92a65f9e8fa11
-
SSDEEP
49152:sXAW1ip79/v9b6b5t15E2t7h2ZAclve1yuRF45J1:sV0ph/vJ6D12OyjuX
Behavioral task
behavioral1
Sample
ab9ef2978e455e876ee9bec3807a9ae6.exe
Resource
win7-20230621-en
Behavioral task
behavioral2
Sample
ab9ef2978e455e876ee9bec3807a9ae6.exe
Resource
win10v2004-20230621-en
Malware Config
Targets
-
-
Target
ab9ef2978e455e876ee9bec3807a9ae6.exe
-
Size
2.3MB
-
MD5
ab9ef2978e455e876ee9bec3807a9ae6
-
SHA1
830027727cbc9b2747571d607da399e90443d578
-
SHA256
c8da211ca281d957b12a406335603a4710803015a58710b1a36ca64605f8cd00
-
SHA512
29951722226683b7ad0cb97f815be2d69350317a5351234a4378f27a62d82b7b9696f2d2bbca2e5691401c57d6a209b6e12501a4a33e0185e7f92a65f9e8fa11
-
SSDEEP
49152:sXAW1ip79/v9b6b5t15E2t7h2ZAclve1yuRF45J1:sV0ph/vJ6D12OyjuX
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-