General
-
Target
ebe0c3e5a13ddda2197224620d8c166f76cba330e6196fbf8b513a0813d107c8
-
Size
415KB
-
Sample
240417-p7apmsgb97
-
MD5
4ac5488eed424710745d88fae67ec16d
-
SHA1
90fad2b3753397962004bc78b2954af409b44e67
-
SHA256
ebe0c3e5a13ddda2197224620d8c166f76cba330e6196fbf8b513a0813d107c8
-
SHA512
8799e1e0c016c6b6cbdb81ae59b03bc907f0e8f925b41dd4b109a3ac59b8f213e688a8ad014fb3c9a1358deec38d16f2915a6d99cf254f5baea06ce5e3b4968f
-
SSDEEP
12288:EHzTBNlHiAwOZiVgoi6t8uNHa+fcP1c2xMxbVlh1:EPHlHliVgkt8oHqq2xYf
Behavioral task
behavioral1
Sample
57bfb1ccdc00493daf0987426bc3744bfcc0f2777b78594e840832a776b32a9f.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
57bfb1ccdc00493daf0987426bc3744bfcc0f2777b78594e840832a776b32a9f.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Target
57bfb1ccdc00493daf0987426bc3744bfcc0f2777b78594e840832a776b32a9f.exe
-
Size
828KB
-
MD5
7f014bedf67806cd5b9b5bac160f6375
-
SHA1
d97923c167b8eab1280756bb1f45f41df5ee88e0
-
SHA256
57bfb1ccdc00493daf0987426bc3744bfcc0f2777b78594e840832a776b32a9f
-
SHA512
2ada9501663b5ef753da3c0340710f19a4969ad32f80d99a2a75cc792539c412c34eaee9751afc8f70ae0f0bac5b65e68734c6dcda73516ff76ed9d47b75fef8
-
SSDEEP
12288:5qZOoyGg+IahNs6zxwsM6ZBRpMsrf7p1bRJiaIv2cBjRlavtgItFz4W:5qZrYahy6z5MwPpMsDcB1WeItFzz
Score 10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-