General
-
Target
6640a348f8932e6f95c8b06b98ee85fcJaffaCakes118
-
Size
2.2MB
-
Sample
240530-f26qfsga5z
-
MD5
6640a348f8932e6f95c8b06b98ee85fc
-
SHA1
4803f34b079c8c05212c93c95bf71174d67ef650
-
SHA256
8340ff20d05d783f4fcbff9f562bc10dac926be9716d0b7d3f1779ca3ac50608
-
SHA512
14aa32ea5661ef5510190b6bc70fd0b428fc5578fdf8c242bf5755145fb53881e0fc90562fb80f315a82e999bf5444d5668e79f39a20b0ab24e73726653d7933
-
SSDEEP
49152:s6ByZjSpCrP7PC3Rd3RQkqQMSb9kms0StTj:MfPPCdBsQj3StP
Static task
static1
Behavioral task
behavioral1
Sample
6640a348f8932e6f95c8b06b98ee85fcJaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6640a348f8932e6f95c8b06b98ee85fcJaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
6640a348f8932e6f95c8b06b98ee85fcJaffaCakes118
-
Size
2.2MB
-
MD5
6640a348f8932e6f95c8b06b98ee85fc
-
SHA1
4803f34b079c8c05212c93c95bf71174d67ef650
-
SHA256
8340ff20d05d783f4fcbff9f562bc10dac926be9716d0b7d3f1779ca3ac50608
-
SHA512
14aa32ea5661ef5510190b6bc70fd0b428fc5578fdf8c242bf5755145fb53881e0fc90562fb80f315a82e999bf5444d5668e79f39a20b0ab24e73726653d7933
-
SSDEEP
49152:s6ByZjSpCrP7PC3Rd3RQkqQMSb9kms0StTj:MfPPCdBsQj3StP
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-