General
-
Target
1df736e9fe6bdbfc6d249f9116815413.exe
-
Size
2.3MB
-
Sample
240512-dlqyysge85
-
MD5
1df736e9fe6bdbfc6d249f9116815413
-
SHA1
a7bb25820251be8f27ef460dc811a4a345f87898
-
SHA256
93052bbf65ee2790cbee9f7bd67f27a5501818747793caf86a2d0a7f1b0768ed
-
SHA512
1032257a4498736d901763758aa029cb9f9c111361db076af6eb8d45766dbedc4defc53f564bc759ade145653e2f96f4acb9a7a87d5ff966ce7fec09aa55244a
-
SSDEEP
49152:+Y2Y6vPgdyNHz1Gls+QCFLF6g8zzxqHFWAN57:+Y/6vmyJz1P+rHD4xoFW257
Behavioral task
behavioral1
Sample
1df736e9fe6bdbfc6d249f9116815413.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1df736e9fe6bdbfc6d249f9116815413.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
1df736e9fe6bdbfc6d249f9116815413.exe
-
Size
2.3MB
-
MD5
1df736e9fe6bdbfc6d249f9116815413
-
SHA1
a7bb25820251be8f27ef460dc811a4a345f87898
-
SHA256
93052bbf65ee2790cbee9f7bd67f27a5501818747793caf86a2d0a7f1b0768ed
-
SHA512
1032257a4498736d901763758aa029cb9f9c111361db076af6eb8d45766dbedc4defc53f564bc759ade145653e2f96f4acb9a7a87d5ff966ce7fec09aa55244a
-
SSDEEP
49152:+Y2Y6vPgdyNHz1Gls+QCFLF6g8zzxqHFWAN57:+Y/6vmyJz1P+rHD4xoFW257
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-