General
-
Target
2882b29fc8c4bc157b8416a4a621084557639de0dd7a86dcf0dda2e35b900517.exe
-
Size
1.1MB
-
Sample
231204-gv1fjahd38
-
MD5
71ea6268f9069ce113824b4ad34384ff
-
SHA1
c6faa871c7434ff60583de306b6947ef7feadc06
-
SHA256
2882b29fc8c4bc157b8416a4a621084557639de0dd7a86dcf0dda2e35b900517
-
SHA512
e4fe605eb621eb8ae9710d6d1d7cf802e8c66c384c731cdcee50e8c19dbb22a0d23338d368bb89b908f50831cc12d5cc9e541b8e2887b2f505863afa2bce6241
-
SSDEEP
24576:U2G/nvxW3Ww0tACSUGFzLmBqSQ25wE2yrnj4FA5:UbA30ACSxiBqSQYyw
Behavioral task
behavioral1
Sample
2882b29fc8c4bc157b8416a4a621084557639de0dd7a86dcf0dda2e35b900517.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
2882b29fc8c4bc157b8416a4a621084557639de0dd7a86dcf0dda2e35b900517.exe
Resource
win10v2004-20231130-en
Malware Config
Targets
-
-
Target
2882b29fc8c4bc157b8416a4a621084557639de0dd7a86dcf0dda2e35b900517.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-