General
-
Target
NEAS.f83148f181f138db59182790125e3550.exe
-
Size
1.1MB
-
Sample
231118-btevjshf3z
-
MD5
f83148f181f138db59182790125e3550
-
SHA1
59af834bd5049062d03068977b90fdd60ab75516
-
SHA256
8cfaca4031f29d40bd683e3cbaacf02b046005295aa6c30d3d832de486fc6f09
-
SHA512
fd80d6fb61eb34c7d4236ae44f96830c5f9eae72f477a7a9adce2b9eda5b2c0b9b6d9427e38e34f900395008b256a97fab2eb4d899dc395a7a59301d4e20e58f
-
SSDEEP
24576:aADdteLS1VO6wLVqq0aJSw69voIN7y7Di0:8E86MVX/SwHmf
Behavioral task
behavioral1
Sample
NEAS.f83148f181f138db59182790125e3550.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.f83148f181f138db59182790125e3550.exe
Resource
win10v2004-20231020-en
Malware Config
Targets
-
-
Target
NEAS.f83148f181f138db59182790125e3550.exe
-
Size
1.1MB
-
MD5
f83148f181f138db59182790125e3550
-
SHA1
59af834bd5049062d03068977b90fdd60ab75516
-
SHA256
8cfaca4031f29d40bd683e3cbaacf02b046005295aa6c30d3d832de486fc6f09
-
SHA512
fd80d6fb61eb34c7d4236ae44f96830c5f9eae72f477a7a9adce2b9eda5b2c0b9b6d9427e38e34f900395008b256a97fab2eb4d899dc395a7a59301d4e20e58f
-
SSDEEP
24576:aADdteLS1VO6wLVqq0aJSw69voIN7y7Di0:8E86MVX/SwHmf
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-