General
Target: 07fa9ac4502b2a0ba83036450abbe28d6656c8941abf5180e81650550aa50a4e.zip
Size: 595KB
Sample: 231119-3vpjxsdf4w
MD5: c48d36403bfb7e3500f040d8c6bdcf39
SHA1: c4146d70f0a9cdb6985389a4b6172b0d794f9731
SHA256: 2fb98416c66e1e2965791384acd49860a00e2b29f16f88bfe01a23d3f3ccb0dc
SHA512: f3575a3bd6d4dd68bb12e73401deba63359b366f594732ffbe3578f3f21ef5c136baca4bf3bc9e0b746ad2504ebdebcebbe153e8f7a78fe6385825cfb46eaf54
SSDEEP: 12288:OuYnohzNo7n3zW3U08zpEvv9E8YglkakZsJaI/KWE9xofMxEyRbKPuRmbZ4YkRWI:Op427IX8dEtd7g4aImwMxEAbKPuR8KYW
Behavioral task: behavioral1
Sample: 07fa9ac4502b2a0ba83036450abbe28d6656c8941abf5180e81650550aa50a4e.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: 07fa9ac4502b2a0ba83036450abbe28d6656c8941abf5180e81650550aa50a4e.exe
Resource: win10v2004-20231020-en
Malware Config
Targets
Target: 07fa9ac4502b2a0ba83036450abbe28d6656c8941abf5180e81650550aa50a4e.exe
Size: 1.1MB
MD5: 1a030d2d68a966877a377cf8c888115c
SHA1: b0d0fe9953ca03954fe6951d3fda35b08a045359
SHA256: 07fa9ac4502b2a0ba83036450abbe28d6656c8941abf5180e81650550aa50a4e
SHA512: 9b8d1336c207f5a6b34aecd1389405012ba33abc842a32d4de40a359abfe3314224e4154221bbeffaeb18987821dc150fc9010fb9b64b39b173546d47193da1e
SSDEEP: 24576:U2G/nvxW3Ww0tKUVvRF5tWgTkvP0fA7HD56:UbA30KUVv+gwvsfA0
Score: 10/10
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.