General
-
Target
87aabada24265836ba604a2b3e8f37a0384ae01cae3554e2bbb0688200e27d01.exe
-
Size
828KB
-
Sample
240601-bmvmesdc34
-
MD5
49b61d151699e4fa7e5530b05455450e
-
SHA1
6c292332561fdbd00163b45bdf8f3eee737fadee
-
SHA256
87aabada24265836ba604a2b3e8f37a0384ae01cae3554e2bbb0688200e27d01
-
SHA512
19ac471f2ff96c09030fd453008cc9744259280af43e87a01329b3378a263ad49ead6c0f4ca14a4223623f7fda116cea8f1f10fdac4cff100c037891059860bd
-
SSDEEP
12288:ql20oWgRNeR1k5u5cKO6bnfk2jyFdXYygXQARV/pJ:qlqR8R1l5cKvbdjyFdYytg/pJ
Behavioral task
behavioral1
Sample
87aabada24265836ba604a2b3e8f37a0384ae01cae3554e2bbb0688200e27d01.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
87aabada24265836ba604a2b3e8f37a0384ae01cae3554e2bbb0688200e27d01.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
Target
87aabada24265836ba604a2b3e8f37a0384ae01cae3554e2bbb0688200e27d01.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-