General
Target: apex_rewrite.exe
Size: 3.4MB
Sample: 240602-nhfc6abd8t
MD5: bb662e9c860cbf0136f78e508ea7d458
SHA1: 13dacd7e2a7c543340f7562a4834ceb4c706bb27
SHA256: 62d07315b02f3e551503d0de3c8c83a2144ef2d19917482bc8ac8162186ba3b6
SHA512: 2b370b37e8db1ed7216ba416757aaa81e75e516ab57d1fe490d386bf8b8755fcedc9e53f4b3580f95f038aecc2d5e6f649f32013287fc151c8021730971eb617
SSDEEP: 49152:3H5RHq31cvDU+pUdnPMUc7QLLc4/m9dZfcEdMHKmEK0a+ym3C094CMba2xbSZhNX:JfQ+pUdjLLLcLDfc2MqLa+L952mhIB8
Static task: static1
Behavioral task: behavioral1
Sample: apex_rewrite.exe
Resource: win10v2004-20240508-en
Behavioral task: behavioral2
Sample: apex_rewrite.exe
Resource: win11-20240426-en
Malware Config
Targets
Target: apex_rewrite.exe
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Executes dropped EXE