General
-
Target
titan r6 menu.exe
-
Size
1.1MB
-
Sample
240425-yj9cqsdh9v
-
MD5
8e1b02dff0d5c9795b793c934653cc14
-
SHA1
58307ca9ce46c92e040596991235c55fbb405eb0
-
SHA256
e4fdd469b3d3d59dfa28feb9472b6a8c0318a669aa0467ae4d8eccd6f0168b85
-
SHA512
b92c2db8b1cfd92fc06d000fad5e1b0b28108a62b86b19702ecd0478344de8ae2a1f731b8dd5b8827e8ea548c5a82e7ecbac1a2b53a57a2383a76f7647035c88
-
SSDEEP
24576:U2G/nvxW3Ww0t+Q4m1dodoKY2dcbxnw+Zj5:UbA30D4mEXOt
Behavioral task
behavioral1
Sample
titan r6 menu.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
titan r6 menu.exe
-
Size
1.1MB
-
MD5
8e1b02dff0d5c9795b793c934653cc14
-
SHA1
58307ca9ce46c92e040596991235c55fbb405eb0
-
SHA256
e4fdd469b3d3d59dfa28feb9472b6a8c0318a669aa0467ae4d8eccd6f0168b85
-
SHA512
b92c2db8b1cfd92fc06d000fad5e1b0b28108a62b86b19702ecd0478344de8ae2a1f731b8dd5b8827e8ea548c5a82e7ecbac1a2b53a57a2383a76f7647035c88
-
SSDEEP
24576:U2G/nvxW3Ww0t+Q4m1dodoKY2dcbxnw+Zj5:UbA30D4mEXOt
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-