General
Target: 3DD0A5685E10EF6D63758CAFEE7C651F8AE80A4766415.exe
Size: 2.0MB
Sample: 231118-ad25gafg92
MD5: 9b57b45ad1b718ed5e83fb62a8b726c3
SHA1: 25e29ba21022424a4d74f2d184238f288a788f32
SHA256: 3dd0a5685e10ef6d63758cafee7c651f8ae80a47664158976ace7b80c825a032
SHA512: f9b439d71536513bd8a190774cd4c3c6a5729ecf54f5f70e7abbbffde54485188998c3537b5955f98dac4a390742bfddf2b4ef6f257729e46565bcf862de3209
SSDEEP: 24576:JB432G/nvxW3Ww0tLXA/ZohBQTRtWpekBST0Z3jJWOyFFgU91cD0knE4BTi:QbA30DDhBQNxkk0pljyF2U911qi
Behavioral task: behavioral1
Sample: 3DD0A5685E10EF6D63758CAFEE7C651F8AE80A4766415.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: 3DD0A5685E10EF6D63758CAFEE7C651F8AE80A4766415.exe
Resource: win10v2004-20231023-en
Malware Config
Targets
Target: 3DD0A5685E10EF6D63758CAFEE7C651F8AE80A4766415.exe
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Executes dropped EXE

Loads dropped DLL