General
Target: 47080165218405f220b00c0f6897517c.exe
Size: 3.0MB
Sample: 231209-k1sjnahca4
MD5: 47080165218405f220b00c0f6897517c
SHA1: 9fdf2bf8eb32c906d42e8dcf5f35c902f58621cd
SHA256: 942ce9bb5178d33eb90530cb614c3857f6b76723548e2e2865655072f47ecc62
SHA512: 8e2221c7030c28d8e8220e801d0cac7120acc71e88ec87dce605ccbe69ff864bee8d757274743e37ca9931409535e0c75a3c915866eb19ced56e9aa915f883d0
SSDEEP: 49152:p+0qDsQS+bwE7hpfKHMvHUKxrjSx8TtT8ELcyfBdTAnygXsn/bF:p+psox0svHU3xCR8EjHgYb
Behavioral task: behavioral1
Sample: 47080165218405f220b00c0f6897517c.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: 47080165218405f220b00c0f6897517c.exe
Resource: win10v2004-20231127-en
Malware Config
Targets
Target: 47080165218405f220b00c0f6897517c.exe
Score: 10/10
DcRat: DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE