General
-
Target
e1d86c6e52c904e9af8bc1351a66a131.bin
-
Size
1.6MB
-
Sample
240325-ff255sgd79
-
MD5
473dc277c8e037b9de0cdf53f0eda913
-
SHA1
0c9ad909905824a7b2fcdbb50c1cbcdd4b02ab7b
-
SHA256
da432b9275c0f68b3eefaff372f75dceb4dabb786be7b0d770a97152f98e021f
-
SHA512
eaaf826abdc9631318db4505dbb76b20d89248439169e60d2743f03f75d0672facf1284129f7dd80065da7b3e65fa85296c364a840c6e5dc3728562367c63175
-
SSDEEP
24576:y099ujwhyogoaKaYCrTcyczL/R81ZYgLYGIm2MiK3jVWh2RsI8KR6LD87ChSZ:y099uAYRrBcHSFYGF29K3jVW0/i8eMZ
Behavioral task
behavioral1
Sample
ca851ef16c519ecf785610e2db584a5b79f41c76916b28164e580e4fa1238715.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ca851ef16c519ecf785610e2db584a5b79f41c76916b28164e580e4fa1238715.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
Target
ca851ef16c519ecf785610e2db584a5b79f41c76916b28164e580e4fa1238715.exe
-
Size
2.2MB
-
MD5
e1d86c6e52c904e9af8bc1351a66a131
-
SHA1
482741be08bba2ab5e3fd9d181a1dc8539121f8d
-
SHA256
ca851ef16c519ecf785610e2db584a5b79f41c76916b28164e580e4fa1238715
-
SHA512
fed19d61d82ef7bc267ee42413a5a6fa07f0cca4f1ca1f42ef4c294aef6bb9424b2b2dc9ea4cf0040dff5f526eaa5b07f561decf9a7310b93474657d718676b4
-
SSDEEP
49152:UbA30bEln+8YPyZc6wkQbPVqlC8m5saKHaFg35:UbUJ+lyZKjVJDWaA5
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-