General
-
Target
17df189cef5f2bdadd4265e9d5b2bf2408bbf5905389b6788aaa21bd59d889b2.exe
-
Size
1.1MB
-
Sample
240601-bfg3racb5v
-
MD5
a65ef974cf4bc255d44fa7ab8acddf50
-
SHA1
dfbf0babf43166796c2f5cef62742e9bfc00c55b
-
SHA256
17df189cef5f2bdadd4265e9d5b2bf2408bbf5905389b6788aaa21bd59d889b2
-
SHA512
18bb4f417e84fea2c9b1eb20658c9bcb9a6317a50462db9c490b03ac7f7176d5c2a7c6cde9253a2991df70e866350c93ffe4ff2120f2ae85e26361d764a765dc
-
SSDEEP
24576:n8mNQarw3m8/2W9WRr0Lnw8Zaxy5KcT0zY/Or:DQa2/IRjc5K6
Behavioral task
behavioral1
Sample
17df189cef5f2bdadd4265e9d5b2bf2408bbf5905389b6788aaa21bd59d889b2.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
17df189cef5f2bdadd4265e9d5b2bf2408bbf5905389b6788aaa21bd59d889b2.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
17df189cef5f2bdadd4265e9d5b2bf2408bbf5905389b6788aaa21bd59d889b2.exe
-
Size
1.1MB
-
MD5
a65ef974cf4bc255d44fa7ab8acddf50
-
SHA1
dfbf0babf43166796c2f5cef62742e9bfc00c55b
-
SHA256
17df189cef5f2bdadd4265e9d5b2bf2408bbf5905389b6788aaa21bd59d889b2
-
SHA512
18bb4f417e84fea2c9b1eb20658c9bcb9a6317a50462db9c490b03ac7f7176d5c2a7c6cde9253a2991df70e866350c93ffe4ff2120f2ae85e26361d764a765dc
-
SSDEEP
24576:n8mNQarw3m8/2W9WRr0Lnw8Zaxy5KcT0zY/Or:DQa2/IRjc5K6
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-