General
-
Target
b817873fadd6af466832355a47d1e9ae.bin
-
Size
589KB
-
Sample
240530-dgr1fsda39
-
MD5
bd26a798cd0e16293854efa0d1c3eeba
-
SHA1
9379d72142a44e21ef8fb10b032143e68ffd27af
-
SHA256
0f6215b559b8436f2bd82dacca1a3ea76c1cee35c3f7f526388c0282ecb699db
-
SHA512
8f5344a6c1f6e016f4b1f366034f4cf2ebe55efd08cab33e35e58ca4cdedcc93fd1fe22b9377ec534bc72185025b33e9226f21b88ef0272c520ae209b9b64df5
-
SSDEEP
12288:gTchTNOFhNeSDIXXNduWfR8ax5XoUEMSeRlRFZPyHLx1akNeaMEL:3DehNClR8uXoUEnerRnKH91akIaMEL
Behavioral task
behavioral1
Sample
c4c83b1a077e713337ea9f76248e9115cebfa105b3338747e3284cd610254581.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
c4c83b1a077e713337ea9f76248e9115cebfa105b3338747e3284cd610254581.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
c4c83b1a077e713337ea9f76248e9115cebfa105b3338747e3284cd610254581.exe
-
Size
1000KB
-
MD5
b817873fadd6af466832355a47d1e9ae
-
SHA1
e06db2031ed495fd73c7c0d60cb581702f668ec4
-
SHA256
c4c83b1a077e713337ea9f76248e9115cebfa105b3338747e3284cd610254581
-
SHA512
1ed7a3060d0f7298f969152968b18db5211ca087480ef650415b297747576e033151bfb5b6494e0e1b79ddc609b25412a3707c475a8cd12f3fca95894a6e4a77
-
SSDEEP
24576:jzZgodRLKBXQEyRt7d/bZJfKp491BaDwoA:jz9W29vlp9Ok
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-