General
-
Target
thing.exe
-
Size
1.1MB
-
Sample
240425-15jejsfh35
-
MD5
72c076174cbd0159afca862c403f8929
-
SHA1
6540965126e4d69ddee5ed036e518d70fe4c0506
-
SHA256
7b997b2ca971a3d7c6d6d165c8894a6cdc68bccce2cf250d4004d888a395d3f4
-
SHA512
5a90244a5bedcbf84772c037bafd33bbe751bff41a1b44cc93701408cd21e4174f5585e7ada4423570a4e2fb9ff128dbd5c5f6b68bc3ad8b529e90611e9b80e6
-
SSDEEP
24576:U2G/nvxW3Ww0t2l4PReM2kSKVJDWZB3zsmqzxK:UbA302aPcM2YJDW/n
Behavioral task
behavioral1
Sample
thing.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
thing.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral3
Sample
thing.exe
Resource
win11-20240412-en
Malware Config
Targets
-
-
Target
thing.exe
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-