General
-
Target
NEAS.ddf33cfed683c502528eeb1278bb1af2d4345c23f7ebe312183555e50a20097aexe.exe
-
Size
943KB
-
Sample
231204-te3beacc8v
-
MD5
7462c47aff3c0ede1f4671532758d7f8
-
SHA1
ccc2f8c33b83a520640d2921cd2247edcbefb020
-
SHA256
ddf33cfed683c502528eeb1278bb1af2d4345c23f7ebe312183555e50a20097a
-
SHA512
92e49c1b969f6470f256203f94eb1e434c5084cdebbfb85686173f00c729831a2477a7fbfd03166d5cfbe3044fc5552f9a3d9bbee33896fe88edf9b6f2642694
-
SSDEEP
24576:xW6VXRh//zyEKJYztxsoukhTSeiOSn40hm/GCHBn:k6pyDStBSKS+uCHBn
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.ddf33cfed683c502528eeb1278bb1af2d4345c23f7ebe312183555e50a20097aexe.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
NEAS.ddf33cfed683c502528eeb1278bb1af2d4345c23f7ebe312183555e50a20097aexe.exe
Resource
win10v2004-20231127-en
Malware Config
Targets
-
-
Target
NEAS.ddf33cfed683c502528eeb1278bb1af2d4345c23f7ebe312183555e50a20097aexe.exe
-
Size
943KB
-
MD5
7462c47aff3c0ede1f4671532758d7f8
-
SHA1
ccc2f8c33b83a520640d2921cd2247edcbefb020
-
SHA256
ddf33cfed683c502528eeb1278bb1af2d4345c23f7ebe312183555e50a20097a
-
SHA512
92e49c1b969f6470f256203f94eb1e434c5084cdebbfb85686173f00c729831a2477a7fbfd03166d5cfbe3044fc5552f9a3d9bbee33896fe88edf9b6f2642694
-
SSDEEP
24576:xW6VXRh//zyEKJYztxsoukhTSeiOSn40hm/GCHBn:k6pyDStBSKS+uCHBn
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-