General
-
Target
8afdf3a8d8d1dd5e8268ff1b0a2d5892_JaffaCakes118
-
Size
2.4MB
-
Sample
240601-tjnntagb9x
-
MD5
8afdf3a8d8d1dd5e8268ff1b0a2d5892
-
SHA1
56c0f4cb77b15bebf37fa9b04056a3f8b1967448
-
SHA256
cfa4c2dd4f3589460c4f54c80f78e2065be7d5594f2196a04f5dff38c496120a
-
SHA512
c0e3bcc3c33ff7540887ac42d79a67109d0bdc83ec3188a6ecee0501df3406a28f5263d30428d740dc775feb97363541d73f4fc32ee263f4b760bf6a314ef314
-
SSDEEP
49152:s6By4HXlc1GQqRFtlry2jFwIKzczbgPeJrixIzirR/1a8e2WWntJsKV2:VXlc1xqRFtd/KzYOIix7rR/w8e2LPs7
Static task
static1
Behavioral task
behavioral1
Sample
8afdf3a8d8d1dd5e8268ff1b0a2d5892_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
8afdf3a8d8d1dd5e8268ff1b0a2d5892_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
8afdf3a8d8d1dd5e8268ff1b0a2d5892_JaffaCakes118
-
Size
2.4MB
-
MD5
8afdf3a8d8d1dd5e8268ff1b0a2d5892
-
SHA1
56c0f4cb77b15bebf37fa9b04056a3f8b1967448
-
SHA256
cfa4c2dd4f3589460c4f54c80f78e2065be7d5594f2196a04f5dff38c496120a
-
SHA512
c0e3bcc3c33ff7540887ac42d79a67109d0bdc83ec3188a6ecee0501df3406a28f5263d30428d740dc775feb97363541d73f4fc32ee263f4b760bf6a314ef314
-
SSDEEP
49152:s6By4HXlc1GQqRFtlry2jFwIKzczbgPeJrixIzirR/1a8e2WWntJsKV2:VXlc1xqRFtd/KzYOIix7rR/w8e2LPs7
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-