General
-
Target
9f850ca7aa37d6c00c1bd44a6a3f71d37762e0cc474a35e5b67e1d487d9f9aad
-
Size
3.7MB
-
Sample
240514-aqs3bsbf5v
-
MD5
6f2466923bafbabe0788c6126ff713d9
-
SHA1
2fb2911f4a08458e9aa922e4b8f6e6b4a7c2c81c
-
SHA256
9f850ca7aa37d6c00c1bd44a6a3f71d37762e0cc474a35e5b67e1d487d9f9aad
-
SHA512
ebc5f71d041828eb54781d5fee466b0026586dfe6929fb2327a7bfb016b13427f2177b7d405523ff3457f8a1808335d76fc24467de4ef0a9dcc0a41a638f5d30
-
SSDEEP
98304:+XXAzJltvwAu5QfCWC2UxdYZhOIeBXJcu3O:+HAzXtzu5QfCWPK+/2tJcz
Behavioral task
behavioral1
Sample
9f850ca7aa37d6c00c1bd44a6a3f71d37762e0cc474a35e5b67e1d487d9f9aad.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9f850ca7aa37d6c00c1bd44a6a3f71d37762e0cc474a35e5b67e1d487d9f9aad.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Target
9f850ca7aa37d6c00c1bd44a6a3f71d37762e0cc474a35e5b67e1d487d9f9aad
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Detects executables packed with SmartAssembly
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-