General
-
Target
NEAS.8b63b4a62f39fe51f04bad846500d900.exe
-
Size
1.6MB
-
Sample
231118-heedssdd4v
-
MD5
8b63b4a62f39fe51f04bad846500d900
-
SHA1
cd57f895dfbdef71daaec73832d686e25c4a9443
-
SHA256
12d85b878dd9e2e4bf577444948bc0a1db87009f5d51e6e79403d1d8c2b5861d
-
SHA512
8eb64ea0b612c306eba388c733b2e65ffa93111b6062d2034d4733352be8721c0450f1a130dbcbf9c17510612f2374017a1597ed90a20d5d9dd99d6b4c7c09d5
-
SSDEEP
24576:dPMYXSRYoY64PXxohpNzb44qv/x8GMpmIB8VDLjyfH4VYiwzcHA8csX1OA:dPCRI+NoHwqRCY2cHAMF
Behavioral task
behavioral1
Sample
NEAS.8b63b4a62f39fe51f04bad846500d900.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.8b63b4a62f39fe51f04bad846500d900.exe
Resource
win10v2004-20231023-en
Malware Config
Targets
-
-
Target
NEAS.8b63b4a62f39fe51f04bad846500d900.exe
-
Size
1.6MB
-
MD5
8b63b4a62f39fe51f04bad846500d900
-
SHA1
cd57f895dfbdef71daaec73832d686e25c4a9443
-
SHA256
12d85b878dd9e2e4bf577444948bc0a1db87009f5d51e6e79403d1d8c2b5861d
-
SHA512
8eb64ea0b612c306eba388c733b2e65ffa93111b6062d2034d4733352be8721c0450f1a130dbcbf9c17510612f2374017a1597ed90a20d5d9dd99d6b4c7c09d5
-
SSDEEP
24576:dPMYXSRYoY64PXxohpNzb44qv/x8GMpmIB8VDLjyfH4VYiwzcHA8csX1OA:dPCRI+NoHwqRCY2cHAMF
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-