General
- Target: Nursultan.exe
- Size: 2.7MB
- Sample: 240429-mb3z7sgf3t
- MD5: e583f67770005dc5b370155f9c7b608a
- SHA1: 077554143156c8947617e64df14d438b168cc43b
- SHA256: 9cde217f1971016a8d76dba58f059c0b05c82a4331acf4ddef307b412a10fdf3
- SHA512: 32347f3d843ebc3f45ed92231ec24019b7c37d7267c165134d00a10eb6c2fe8293e8f5a24ed2d835f87ecbf4164f25766ad332498448df7097ce611eb9d2cfd8
- SSDEEP: 49152:FbA36CgR2EcaLBvytDQxbfrp2kL2xfzX8pArZrE04fpYlCKjYr+A/ajPfvtYSYZB:FbTdR2MwtD2fp2XZzXrrZILfuI2q+JXe
Behavioral task: behavioral1
- Sample: Nursultan.exe
- Resource: win11-20240419-en
Malware Config
Targets
- Target: Nursultan.exe
- Score: 10/10
- DcRat: DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
- Disables Task Manager via registry modification
- Executes dropped EXE
-