General
-
Target
e1d86c6e52c904e9af8bc1351a66a131.exe
-
Size
2.2MB
-
Sample
240323-w8wf3adc7y
-
MD5
e1d86c6e52c904e9af8bc1351a66a131
-
SHA1
482741be08bba2ab5e3fd9d181a1dc8539121f8d
-
SHA256
ca851ef16c519ecf785610e2db584a5b79f41c76916b28164e580e4fa1238715
-
SHA512
fed19d61d82ef7bc267ee42413a5a6fa07f0cca4f1ca1f42ef4c294aef6bb9424b2b2dc9ea4cf0040dff5f526eaa5b07f561decf9a7310b93474657d718676b4
-
SSDEEP
49152:UbA30bEln+8YPyZc6wkQbPVqlC8m5saKHaFg35:UbUJ+lyZKjVJDWaA5
Behavioral task
behavioral1
Sample
e1d86c6e52c904e9af8bc1351a66a131.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e1d86c6e52c904e9af8bc1351a66a131.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
Target
e1d86c6e52c904e9af8bc1351a66a131.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-