General
-
Target
3dff4425c554fdc1c76dff58d562a8e4.exe
-
Size
828KB
-
Sample
240512-cwvjfsfb68
-
MD5
3dff4425c554fdc1c76dff58d562a8e4
-
SHA1
6b9828803b681f85608d393a7c8d12bcce515639
-
SHA256
ed7a4c4cc9cbdaa5c25f5aeb73179fccb8ce386f5b4edf5e72fcbadfb266cb44
-
SHA512
718d29e1c819b451782f015e04aa8d544a6b164cafaa2eabdf0ace287077c4805204d5758ad546b8d0a1f5489c3de39c2b5d8e51d298597f1ec17d7ad8a36b27
-
SSDEEP
24576:EINwP5PyN/2mvDkHf4aa2qdNnxmt4g4mPw9g:EIm5Xz4aa27c
Behavioral task
behavioral1
Sample
3dff4425c554fdc1c76dff58d562a8e4.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3dff4425c554fdc1c76dff58d562a8e4.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
3dff4425c554fdc1c76dff58d562a8e4.exe
-
Size
828KB
-
MD5
3dff4425c554fdc1c76dff58d562a8e4
-
SHA1
6b9828803b681f85608d393a7c8d12bcce515639
-
SHA256
ed7a4c4cc9cbdaa5c25f5aeb73179fccb8ce386f5b4edf5e72fcbadfb266cb44
-
SHA512
718d29e1c819b451782f015e04aa8d544a6b164cafaa2eabdf0ace287077c4805204d5758ad546b8d0a1f5489c3de39c2b5d8e51d298597f1ec17d7ad8a36b27
-
SSDEEP
24576:EINwP5PyN/2mvDkHf4aa2qdNnxmt4g4mPw9g:EIm5Xz4aa27c
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-