General
-
Target
2519412bd469ce3de2888aa487be8f51.exe
-
Size
828KB
-
Sample
240423-zgek1sbe9y
-
MD5
2519412bd469ce3de2888aa487be8f51
-
SHA1
91dd80c942023f360e81e27f4964504acb9bc4c5
-
SHA256
7e98baea7a5b0d51143910cde4c5503ae15d55d6f88b4b840ae7fe79469ed12f
-
SHA512
5eb1f509f16079cc1b56057edb2a6aff7f44ec3ce01543bd1dc0f7ce1a6408bc691fa3311aad814a10b41ab888d5eaa1a05cf2af61472b533e6382374d4d99b2
-
SSDEEP
12288:8qefeFkk8I2xKhgvmPsneK9Qbj9TZNkpEvdJkCoG+tanmS:7kVI2xKhgBKpTZNtdOl/tamS
Behavioral task
behavioral1
Sample
2519412bd469ce3de2888aa487be8f51.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
2519412bd469ce3de2888aa487be8f51.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
2519412bd469ce3de2888aa487be8f51.exe
-
Size
828KB
-
MD5
2519412bd469ce3de2888aa487be8f51
-
SHA1
91dd80c942023f360e81e27f4964504acb9bc4c5
-
SHA256
7e98baea7a5b0d51143910cde4c5503ae15d55d6f88b4b840ae7fe79469ed12f
-
SHA512
5eb1f509f16079cc1b56057edb2a6aff7f44ec3ce01543bd1dc0f7ce1a6408bc691fa3311aad814a10b41ab888d5eaa1a05cf2af61472b533e6382374d4d99b2
-
SSDEEP
12288:8qefeFkk8I2xKhgvmPsneK9Qbj9TZNkpEvdJkCoG+tanmS:7kVI2xKhgBKpTZNtdOl/tamS
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-