General
-
Target
NEAS.507444088fbb59e5e16dc1bb3db1c638582003aad2a46824aea0ce74a73d472cexe.exe
-
Size
827KB
-
Sample
231204-tv9qescf6z
-
MD5
0ac3339350e0daa8432bd27bac74e4e7
-
SHA1
ba10f531f9197f2432d6042173dc5cefa0ee8500
-
SHA256
507444088fbb59e5e16dc1bb3db1c638582003aad2a46824aea0ce74a73d472c
-
SHA512
86b3a1d4f447914286888b4fc84a2a166b6625fc2e88c61b259282dc2a49f8ea11ff0d4727d1b78245a5b30ea08738701cf16000cdb95de7d39b732eb0906e64
-
SSDEEP
12288:2uSqy+QGEAGlP9suppP3YSMXj6pM9zuryXVqnWRMORNHEWZEVjJe6C:2G3GlP9BXYSMXj6pMbZ9HvZujc
Behavioral task
behavioral1
Sample
NEAS.507444088fbb59e5e16dc1bb3db1c638582003aad2a46824aea0ce74a73d472cexe.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.507444088fbb59e5e16dc1bb3db1c638582003aad2a46824aea0ce74a73d472cexe.exe
Resource
win10v2004-20231127-en
Malware Config
Targets
-
-
Target
NEAS.507444088fbb59e5e16dc1bb3db1c638582003aad2a46824aea0ce74a73d472cexe.exe
-
Size
827KB
-
MD5
0ac3339350e0daa8432bd27bac74e4e7
-
SHA1
ba10f531f9197f2432d6042173dc5cefa0ee8500
-
SHA256
507444088fbb59e5e16dc1bb3db1c638582003aad2a46824aea0ce74a73d472c
-
SHA512
86b3a1d4f447914286888b4fc84a2a166b6625fc2e88c61b259282dc2a49f8ea11ff0d4727d1b78245a5b30ea08738701cf16000cdb95de7d39b732eb0906e64
-
SSDEEP
12288:2uSqy+QGEAGlP9suppP3YSMXj6pM9zuryXVqnWRMORNHEWZEVjJe6C:2G3GlP9BXYSMXj6pMbZ9HvZujc
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-