General
-
Target
2a9911b83ab4ec159ae9a832daf85d90ce87f67630ebac6edcf3d027f333e784.exe
-
Size
6.4MB
-
Sample
240618-tcgxpavapr
-
MD5
3ca68b395e2d0e4f88d7b99475c51c02
-
SHA1
87ed68df60b2ef39407a3ba61c7413df5523dcfb
-
SHA256
2a9911b83ab4ec159ae9a832daf85d90ce87f67630ebac6edcf3d027f333e784
-
SHA512
4b74c524a1a5b63008a0fc4d26e5748776a63a6cc241f6b9feb0e381a4360b6062cefd6665219228944313566414895ed80f33af2d95e9ab7b091bae71549bd0
-
SSDEEP
196608:ZC8xheAvb1etrb1HElXwGsjqGPIsUGIUN7QQ:Z+SeBbmlAbjrAQs
Static task
static1
Behavioral task
behavioral1
Sample
2a9911b83ab4ec159ae9a832daf85d90ce87f67630ebac6edcf3d027f333e784.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2a9911b83ab4ec159ae9a832daf85d90ce87f67630ebac6edcf3d027f333e784.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
2a9911b83ab4ec159ae9a832daf85d90ce87f67630ebac6edcf3d027f333e784.exe
-
Size
6.4MB
-
MD5
3ca68b395e2d0e4f88d7b99475c51c02
-
SHA1
87ed68df60b2ef39407a3ba61c7413df5523dcfb
-
SHA256
2a9911b83ab4ec159ae9a832daf85d90ce87f67630ebac6edcf3d027f333e784
-
SHA512
4b74c524a1a5b63008a0fc4d26e5748776a63a6cc241f6b9feb0e381a4360b6062cefd6665219228944313566414895ed80f33af2d95e9ab7b091bae71549bd0
-
SSDEEP
196608:ZC8xheAvb1etrb1HElXwGsjqGPIsUGIUN7QQ:Z+SeBbmlAbjrAQs
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-