General
-
Target
PizDec.exe
-
Size
1.4MB
-
Sample
240425-jtdaqagh99
-
MD5
f179fb92462522adcec42ba2f679d9e0
-
SHA1
0bc06ea16957413a0b8f1b09da991ce28da0ac90
-
SHA256
94856a3718b2e959b2ba1dc09a859ce43e4bdee0672f7d90e51803a6efdc6907
-
SHA512
bf9681d14574a5a832b1a43adfae43e91dbeed7c508d94dc01a1f90317bf95d5eaf3ddf40bc31e603c35b848a010417e708f149cc597e13f114f10f11535ccda
-
SSDEEP
24576:FecDOoLgMyVXXDZTTFUv8E344zmuWhzlHF+O1U3FFmMI0WVOfhufIQrkdPx:IcPpy5z5hUvVoolWpf1sFFm1XVOpufI5
Static task
static1
Behavioral task
behavioral1
Sample
PizDec.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
PizDec.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-