General
-
Target
0b3fbf84d65971bf89541205f1d35c85.exe
-
Size
1.6MB
-
Sample
240423-r2eshsha9s
-
MD5
0b3fbf84d65971bf89541205f1d35c85
-
SHA1
84bd9f4e6ff33ca092353452a0becf7b5e12ace0
-
SHA256
97d983df8e02cb6f1ed5d21cf776d071daee77081d83fde4721ac96fc168bbb3
-
SHA512
98fc357ed067537a0c360631b154db9c24e823fc4261555521d3207058f8118868566fca30471141dacf8ac88cd0484f7f08c58c807d85e96854fb6789580ab4
-
SSDEEP
24576:SgZXoZUTVdt7KHzkoWwXWR3Wx4tjmJzR6CsbXWwvoUge9aev2IvwqHb0XNRcgjKw:R7oWwXvx45mPWbmwvoKdvF097zF
Static task
static1
Behavioral task
behavioral1
Sample
0b3fbf84d65971bf89541205f1d35c85.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0b3fbf84d65971bf89541205f1d35c85.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
0b3fbf84d65971bf89541205f1d35c85.exe
-
Size
1.6MB
-
MD5
0b3fbf84d65971bf89541205f1d35c85
-
SHA1
84bd9f4e6ff33ca092353452a0becf7b5e12ace0
-
SHA256
97d983df8e02cb6f1ed5d21cf776d071daee77081d83fde4721ac96fc168bbb3
-
SHA512
98fc357ed067537a0c360631b154db9c24e823fc4261555521d3207058f8118868566fca30471141dacf8ac88cd0484f7f08c58c807d85e96854fb6789580ab4
-
SSDEEP
24576:SgZXoZUTVdt7KHzkoWwXWR3Wx4tjmJzR6CsbXWwvoUge9aev2IvwqHb0XNRcgjKw:R7oWwXvx45mPWbmwvoKdvF097zF
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-