General
-
Target
Soundpad.exe
-
Size
5.9MB
-
Sample
240512-tezwaadc8z
-
MD5
7dd40bf42c6289ab07faa6a4ac87c4f5
-
SHA1
154f32614944496929092c39f80fd0519d39442b
-
SHA256
c840a6d224bd037646c173767fe63743985c7a932c177a841b1481c32252d3a0
-
SHA512
c0e3e7dc4f3efcf6fcd4959a01e81a2adfcb2e957474877a60c2de9146d1028eaa363a8e86a3ba2635c868b271669341336dabaac786572a0432b98f70cfa1cb
-
SSDEEP
98304:ykLOg+x1I1i76GsYDXH38ahxs484rHxeW5a5zFBEQATmsJSZm25AAYSV1q7GAu+0:dON2x4bXJhygRevVfATms4lWVSIt5o9n
Static task
static1
Malware Config
Targets
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-