General
-
Target
3d71f1e177234c396f2a5d7d852a2376.exe
-
Size
1.4MB
-
Sample
240515-z96j7sda64
-
MD5
3d71f1e177234c396f2a5d7d852a2376
-
SHA1
fe960120b965c91a3021fbea60e1b2c77ec78b63
-
SHA256
c0db54d6ec9c0e2310d4c8bfd1739f079a0fd85adcf088ff8876f54485a61f2c
-
SHA512
e2bc7e6027b32088580ab4e2a074d23c8be77ef5992f502fadb0875316a2b2f79bd9d1668568d99867715d5e60ee2fa236c903ba668cfd868142e3d18bbda82c
-
SSDEEP
24576:U2G/nvxW3Ww0tHzmBv0vDGt3r6+yWJmgHgwSRADpDial:UbA30HzFGnJ2wS+1ic
Behavioral task
behavioral1
Sample
3d71f1e177234c396f2a5d7d852a2376.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3d71f1e177234c396f2a5d7d852a2376.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
3d71f1e177234c396f2a5d7d852a2376.exe
-
Size
1.4MB
-
MD5
3d71f1e177234c396f2a5d7d852a2376
-
SHA1
fe960120b965c91a3021fbea60e1b2c77ec78b63
-
SHA256
c0db54d6ec9c0e2310d4c8bfd1739f079a0fd85adcf088ff8876f54485a61f2c
-
SHA512
e2bc7e6027b32088580ab4e2a074d23c8be77ef5992f502fadb0875316a2b2f79bd9d1668568d99867715d5e60ee2fa236c903ba668cfd868142e3d18bbda82c
-
SSDEEP
24576:U2G/nvxW3Ww0tHzmBv0vDGt3r6+yWJmgHgwSRADpDial:UbA30HzFGnJ2wS+1ic
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-