General
-
Target
NEAS.StandoffNerect.exe
-
Size
2.9MB
-
Sample
231117-vbss8sbc59
-
MD5
d379e0c6cc18383e9ee3a6d18a580bb3
-
SHA1
d3ca3575369eac435245d2cf5a368bdcfb858ee7
-
SHA256
bf3ec2b49166bfead5ad4eb1c13a53bf8f170cca0bed429741ef974d30350c2f
-
SHA512
b531de741ba315889d952ee5981adacc064233584e763475fcf526f92a26c43fa0615c3bbffe939d572c78dd333f6fcbb791c9e367ea1bbfe6a8b8a4874c2f4f
-
SSDEEP
49152:wbA31rOJYaxyU0apdmAZnZ+Im7UVfAf3nVtG/GiRa7KCDPoTicNiDEfI9IX:wb0EMUndman1VIvHGeoaxwTicNVfuQ
Behavioral task
behavioral1
Sample
NEAS.StandoffNerect.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.StandoffNerect.exe
Resource
win10v2004-20231023-en
Malware Config
Targets
-
-
Target
NEAS.StandoffNerect.exe
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-