General
-
Target
fbccdef1fbcd0bc114049d1a1e8d78de_JaffaCakes118
-
Size
9.8MB
-
Sample
240420-dpvfjsfg31
-
MD5
fbccdef1fbcd0bc114049d1a1e8d78de
-
SHA1
54e54570614763389250f158c0130fb23e923e3a
-
SHA256
6bad6d52a9e70f52162013a2459c926c1b9cfcd6ebcf0c7c5ba3446d85ccb9dd
-
SHA512
01090a79d645e8fc650cc8cc73042469431cf00b7f35df6043622ea556eddb44998abf0d3554a60126db292d07013fb88edd8ec0352c7dcd6939e54552e6a557
-
SSDEEP
196608:vxnfRyM5Dny1XI+kB0mmP93yPruHt0Q3+ZmnHaCI8xmkSQ4e:Jn5/7y50e93yProtf3KmnHZrw7Q
Static task
static1
Behavioral task
behavioral1
Sample
fbccdef1fbcd0bc114049d1a1e8d78de_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fbccdef1fbcd0bc114049d1a1e8d78de_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
fbccdef1fbcd0bc114049d1a1e8d78de_JaffaCakes118
-
Size
9.8MB
-
MD5
fbccdef1fbcd0bc114049d1a1e8d78de
-
SHA1
54e54570614763389250f158c0130fb23e923e3a
-
SHA256
6bad6d52a9e70f52162013a2459c926c1b9cfcd6ebcf0c7c5ba3446d85ccb9dd
-
SHA512
01090a79d645e8fc650cc8cc73042469431cf00b7f35df6043622ea556eddb44998abf0d3554a60126db292d07013fb88edd8ec0352c7dcd6939e54552e6a557
-
SSDEEP
196608:vxnfRyM5Dny1XI+kB0mmP93yPruHt0Q3+ZmnHaCI8xmkSQ4e:Jn5/7y50e93yProtf3KmnHZrw7Q
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-