General

Target: 99e882c80fb11165393cb369573bff8b7b5c460e57f50ec6d510c8e9c7a26044
Size: 415KB
Sample: 240417-p7lf5sgc37
MD5: 784e8cd22c5580ccd9588429e4096b7f
SHA1: b9326e15a836fd510c09bafd73169262de54e006
SHA256: 99e882c80fb11165393cb369573bff8b7b5c460e57f50ec6d510c8e9c7a26044
SHA512: 4f9cf0af32c675e0a0f75550c410dc230a44c127f0cc986fc5b5ca038f8e215ca8945f43f23eb5335006717a383771d1026de1a65782761417c6122e30381ea7
SSDEEP: 12288:vOybxLmmHvn35/90HUoba4kD5Ewt+40MKHZ3wFui:3xLmmHvn3t90HUoWJyykpZgF5

Behavioral task: behavioral1
Sample: 57bfb1ccdc00493daf0987426bc3744bfcc0f2777b78594e840832a776b32a9f.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 57bfb1ccdc00493daf0987426bc3744bfcc0f2777b78594e840832a776b32a9f.exe
Resource: win10v2004-20240412-en

Malware Config

Targets

Target: 57bfb1ccdc00493daf0987426bc3744bfcc0f2777b78594e840832a776b32a9f.exe
Size: 828KB
MD5: 7f014bedf67806cd5b9b5bac160f6375
SHA1: d97923c167b8eab1280756bb1f45f41df5ee88e0
SHA256: 57bfb1ccdc00493daf0987426bc3744bfcc0f2777b78594e840832a776b32a9f
SHA512: 2ada9501663b5ef753da3c0340710f19a4969ad32f80d99a2a75cc792539c412c34eaee9751afc8f70ae0f0bac5b65e68734c6dcda73516ff76ed9d47b75fef8
SSDEEP: 12288:5qZOoyGg+IahNs6zxwsM6ZBRpMsrf7p1bRJiaIv2cBjRlavtgItFz4W:5qZrYahy6z5MwPpMsDcB1WeItFzz
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE