General
-
Target
1deb00cff6555ece35fe0efab318157f.exe
-
Size
1.3MB
-
Sample
240602-p8zedsdg93
-
MD5
1deb00cff6555ece35fe0efab318157f
-
SHA1
612c66abb6befaefa48af8fe5f5aac9a48fa9846
-
SHA256
6b244947ef595c13d24c2121da10beebb1ab3b10c52a04e6b1a104d3c237798b
-
SHA512
0639c0646d7dc6925dfc4fd3f3886321b8b9612727d50b0b619d850419d96dadf58ab17f918001b8094d8450934b1b83c9102fe135823151334358545d1a655d
-
SSDEEP
24576:9xp2Oo8yg+sy9X+Q64TNVdsxGdrFN7EUBHOt2f:hDKYQR5DEUB
Behavioral task
behavioral1
Sample
1deb00cff6555ece35fe0efab318157f.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
1deb00cff6555ece35fe0efab318157f.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
1deb00cff6555ece35fe0efab318157f.exe
-
Size
1.3MB
-
MD5
1deb00cff6555ece35fe0efab318157f
-
SHA1
612c66abb6befaefa48af8fe5f5aac9a48fa9846
-
SHA256
6b244947ef595c13d24c2121da10beebb1ab3b10c52a04e6b1a104d3c237798b
-
SHA512
0639c0646d7dc6925dfc4fd3f3886321b8b9612727d50b0b619d850419d96dadf58ab17f918001b8094d8450934b1b83c9102fe135823151334358545d1a655d
-
SSDEEP
24576:9xp2Oo8yg+sy9X+Q64TNVdsxGdrFN7EUBHOt2f:hDKYQR5DEUB
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-