General
Target
EXCheker.rar
Size
954KB
Sample
240618-knyvxawbqg
MD5
e69eb402522292a72d53e50d29c7b7ec
SHA1
b471f17c18667453cfc887f7657aa863893d0d50
SHA256
4da4cda309e6e284c0c6f123014672cf5b964f528ae86faa0a6e94ce32a4e6e2
SHA512
a126ce0ed398d8a811d4f77f9d724f64a2df03d1d06a4bedf5cc20492601ae3940f24aa83fdaeb91a474313632acf90119edaff8744fde35ebd9de02a824616b
SSDEEP
24576:I9OkMi02D3p9Yum0L52i+/FmpN3zWL0J8lwrv:kOVSLp9U0Ujwj3vB
Behavioral task
behavioral1
Sample
EXCheker.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
EXCheker.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
Target
EXCheker.exe
Size
1.5MB
MD5
ff32bd586d0af58e9493e280aecede6f
SHA1
4a2eb75e64d77efec9d1433fe64da22a0aa9c5ae
SHA256
2a30bba0c5a51d46169706ad3caf8a6ef1406348694e60b6abde03284a9fbf09
SHA512
163ea230987fe587798810c20837370bd6e23cba296f83089ecd1780937dea558fa1c843d696ea0b5d44bea355a60b2f58da6784b41d9540b19f82e6b4a7819f
SSDEEP
24576:U2G/nvxW3Ww0tPVFbA5U0nK/OTjEnVa/32TogBptlDQhW+qFviHfkjdql8s:UbA30PVCjKtEw+HfBl7
Score
10/10
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Executes dropped EXE
Loads dropped DLL