General
-
Target
6c54dc7f97375dfa134a7a542dcb18616ddb18d81f1c5f324b7b04291770d0c4
-
Size
1.7MB
-
Sample
240601-2lrr9ahc8x
-
MD5
39f0dd73b6cd3626818cb2f1dc808fff
-
SHA1
5a75243e011e0b435225548d7d332a5401813c7a
-
SHA256
6c54dc7f97375dfa134a7a542dcb18616ddb18d81f1c5f324b7b04291770d0c4
-
SHA512
c4a72e89c655dbd54fe1f9ace1e5106b589f145a67226f857bb0d118036f244bf040c6043cd95ec89f4097c96789cf85b9954dc5a99df78417f1b349e34ad5f0
-
SSDEEP
24576:N3QwuLyEbVoCtPreIjNLoN/VNGeSQDx1m17zezKOkCzeJGFUJ:NgwuuEpdDLNwVMeXDL0fdSzAG
Behavioral task
behavioral1
Sample
6c54dc7f97375dfa134a7a542dcb18616ddb18d81f1c5f324b7b04291770d0c4.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
6c54dc7f97375dfa134a7a542dcb18616ddb18d81f1c5f324b7b04291770d0c4.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
6c54dc7f97375dfa134a7a542dcb18616ddb18d81f1c5f324b7b04291770d0c4
-
Size
1.7MB
-
MD5
39f0dd73b6cd3626818cb2f1dc808fff
-
SHA1
5a75243e011e0b435225548d7d332a5401813c7a
-
SHA256
6c54dc7f97375dfa134a7a542dcb18616ddb18d81f1c5f324b7b04291770d0c4
-
SHA512
c4a72e89c655dbd54fe1f9ace1e5106b589f145a67226f857bb0d118036f244bf040c6043cd95ec89f4097c96789cf85b9954dc5a99df78417f1b349e34ad5f0
-
SSDEEP
24576:N3QwuLyEbVoCtPreIjNLoN/VNGeSQDx1m17zezKOkCzeJGFUJ:NgwuuEpdDLNwVMeXDL0fdSzAG
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Detects executables packed with SmartAssembly
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-