General
Target: SLOVOPACANA.exe
Size: 1.2MB
Sample: 231206-rjfbbsfb72
MD5: cd027faaa16d14fe7aa370c8057225d5
SHA1: 0054f01d667b7e75c5a255f8ee4d77b177373c08
SHA256: c248d6ee2cf5cd6ca386c7a358abdd8ec408c6a63f998f22cbf896809568d90f
SHA512: ac7bd57bc19ccca405027135ef07a7f475286ed96c00479eebccf725edda6c8ba94e91268aa8e0e812e15dd206f30dd30512ab99b6f8bd0b5ee6e7b26f042751
SSDEEP: 24576:g2G/nvxW3WfvxgCEe8FjqoCsq9/a75E6PyKP7g2:gbA3BCDujl0+2Y
Behavioral task
behavioral1
Sample: SLOVOPACANA.exe
Resource: win10v2004-20231127-en
Malware Config
Targets
Target: SLOVOPACANA.exe
Score: 10/10
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-