General
-
Target
ae869688bec81e7330c9b358632bb49f52c9f0c509f5bdaa68322716226eef8d.exe
-
Size
1.3MB
-
Sample
240512-bvntvaaa9y
-
MD5
2029c3848ad3b20eebacd4499dbed39a
-
SHA1
47c3342f48820776b093102f91f58d7c47f864d5
-
SHA256
ae869688bec81e7330c9b358632bb49f52c9f0c509f5bdaa68322716226eef8d
-
SHA512
a08d2bc849cee2d522bea928183116ee6ff4452ed8c611af8f312e58a955f93b3bb0c873945e45c4ea97d06c7f96f5d3662c729604f75279ad43e8356ea7ef8e
-
SSDEEP
24576:hBp5V4wFREO4PEPG4QMwEpB08Hwp78V6x1OA:hBp59E5PjMFBrSC6x0
Behavioral task
behavioral1
Sample
ae869688bec81e7330c9b358632bb49f52c9f0c509f5bdaa68322716226eef8d.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
ae869688bec81e7330c9b358632bb49f52c9f0c509f5bdaa68322716226eef8d.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Detects executables packed with SmartAssembly
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-