General
-
Target
e8d72180bb28f49479a739e9c1b22aad02809cac77a7cb2fdc0c70ad7dcd89a1
-
Size
413KB
-
Sample
240417-r337haea7w
-
MD5
b675cb3a3a00359c42031dec7ef01b98
-
SHA1
bf9e7c879431159a7a458e8e0fed979ac12caa3e
-
SHA256
e8d72180bb28f49479a739e9c1b22aad02809cac77a7cb2fdc0c70ad7dcd89a1
-
SHA512
d364aa8693da069eb28d786db1f96e6609f4478c7827e9b4c578f37cba5c5be646ef02d4dd6e72dfdc9742d0c8f621cec957e9ea7515e219e65248b8bacb6a3e
-
SSDEEP
6144:0VTCqisFLVoQ9LBBOQxmyrBxcaxCm2N0gDNX2fM2OdPs7GGnmiYtOALvQxx:0VTCqBFLaUKyrBDUV0+BOGsmiYkhx
Behavioral task
behavioral1
Sample
e19c34aa6213dce5d659117b57ff1951822352d86ca4678d3aee8e30bb759a85.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
e19c34aa6213dce5d659117b57ff1951822352d86ca4678d3aee8e30bb759a85.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
e19c34aa6213dce5d659117b57ff1951822352d86ca4678d3aee8e30bb759a85.exe
-
Size
829KB
-
MD5
5fc7d1990c73a740b751bf56372ede24
-
SHA1
a67df2b9b70bde79b10984209ff72fc7f392bead
-
SHA256
e19c34aa6213dce5d659117b57ff1951822352d86ca4678d3aee8e30bb759a85
-
SHA512
a5ab4f5bb06bdcec7e510142fa0ffc0ed12b930d4f734d8077e94da8e7b0a83dcaadad692238b0154e2a7ad867e1929751f3845573f631831cae401cdc50b0ce
-
SSDEEP
12288:6uhjddulmD/pIvCfmujIPAvuC/q4YeUzGmpuGlehx8r+/F:7zulmfmujIYvuWq4Y1zGkuGUIqt
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-