General
-
Target
0b3fbf84d65971bf89541205f1d35c85.bin
-
Size
1.4MB
-
Sample
240425-bc9ctsce49
-
MD5
1f1411e6ca3421f65c428b0fcf0e803a
-
SHA1
3c944a9c0d115a9809df84b9eb54cd99b5dbc1ae
-
SHA256
a8534a32fa5ac44d9ec37f70543fe7151084f51ba2fc5fb0795b18c9909e0162
-
SHA512
63b1afdc2e2ea92a032048065b6e068e9459301b22d915172218847e31de579a81dceed77001ae830002b66c6e077b115b5d693d636d8bded07f27d1a5e3b323
-
SSDEEP
24576:nGbdG7c4y59rTZmOP/YBkzB/gACpfQV9VT9i5WgyHCOykfQXZdBfCxsUe3NyJZ:2dxZ8kzB/WpY/VTTgywIQJ/CxsZyJZ
Static task
static1
Behavioral task
behavioral1
Sample
97d983df8e02cb6f1ed5d21cf776d071daee77081d83fde4721ac96fc168bbb3.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
97d983df8e02cb6f1ed5d21cf776d071daee77081d83fde4721ac96fc168bbb3.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
97d983df8e02cb6f1ed5d21cf776d071daee77081d83fde4721ac96fc168bbb3.exe
-
Size
1.6MB
-
MD5
0b3fbf84d65971bf89541205f1d35c85
-
SHA1
84bd9f4e6ff33ca092353452a0becf7b5e12ace0
-
SHA256
97d983df8e02cb6f1ed5d21cf776d071daee77081d83fde4721ac96fc168bbb3
-
SHA512
98fc357ed067537a0c360631b154db9c24e823fc4261555521d3207058f8118868566fca30471141dacf8ac88cd0484f7f08c58c807d85e96854fb6789580ab4
-
SSDEEP
24576:SgZXoZUTVdt7KHzkoWwXWR3Wx4tjmJzR6CsbXWwvoUge9aev2IvwqHb0XNRcgjKw:R7oWwXvx45mPWbmwvoKdvF097zF
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-