General
-
Target
3e69bb7839c9d2ed8a2a852368b2bb46df43b122afc535a035438ada17319624
-
Size
415KB
-
Sample
240417-rjl4wabc98
-
MD5
3ee8e994dbbbedee99e431923d0f3b6a
-
SHA1
b013060d351aba478b7adb758f823c35c24611b4
-
SHA256
3e69bb7839c9d2ed8a2a852368b2bb46df43b122afc535a035438ada17319624
-
SHA512
f4fa0a2e7b2ebe157f5d1cf38d0feaaccc37a9f414736ac2c8f8ff570e52b5be49b0940b25bdda3e9cb16a592f6a0b9aed040724c50782b37fe9973139f4e848
-
SSDEEP
12288:G9nRy9QqXYEGcHWQNA4KQ4pHaGW8YzoHe9jvHeCGp:G9Ry9bdHzAe4oGW8J+9jg
Behavioral task
behavioral1
Sample
da865b816dc5ccc8c66733b1f897b3f986d6c14f09bcb481641fd6e5aeeb37dd.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
da865b816dc5ccc8c66733b1f897b3f986d6c14f09bcb481641fd6e5aeeb37dd.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
da865b816dc5ccc8c66733b1f897b3f986d6c14f09bcb481641fd6e5aeeb37dd.exe
-
Size
827KB
-
MD5
14f7828985000bd40f50f7b7f7f3593c
-
SHA1
a41a27e60aed63ad527981008eb611b3e4719963
-
SHA256
da865b816dc5ccc8c66733b1f897b3f986d6c14f09bcb481641fd6e5aeeb37dd
-
SHA512
4c2295b4a367179106eb784991eec8ec3fb8fde3622a394a9842b8a32b566a3ddc05578602d46460c7bb8d12f19844f94115451d405ff80cbfcaf7f6a0192ea1
-
SSDEEP
12288:h6kjJNrGvbVpOUnzbpQ4Gkppi4eladliylxtXDwjA:h6kqvbVFpQ4GLqiyljDwjA
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-