General
-
Target
RevisionFX Twixtor Pro 7.0.2.exe
-
Size
616.1MB
-
Sample
231120-x5awmaaa32
-
MD5
d998c163a5b61a53e85ba6d152168a5c
-
SHA1
086b7745a5a9cdf4f0b63699559fbc8d22f64186
-
SHA256
6a5c4383a7b6393a180cf3e73e02cd98a81a7b5777de98a07caae4b691f7ac3c
-
SHA512
6340a8f1b9ebee1bd1a19b209ff38a4c8fc35ebb173ea51c8cbdfdda6b29f0c8619d9628ee97efa429182a97e6beca849e6786db3798efe4173d095f1b679276
-
SSDEEP
786432:mpxj69KQ8MNHdekvV7Kjxo4p1ScTBDy1RKyso5c1tPh/efqxlKfLTaJPlRUVfA:mpxIKZMNHdnxK6g9TBDUn/M2a4TaXb
Static task
static1
Behavioral task
behavioral1
Sample
RevisionFX Twixtor Pro 7.0.2.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
RevisionFX Twixtor Pro 7.0.2.exe
Resource
win10v2004-20231023-en
Malware Config
Targets
-
Target
RevisionFX Twixtor Pro 7.0.2.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Blocklisted process makes network request
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-