General
Target: Solara.exe
Size: 1.1MB
Sample: 240619-kt8bjasarj
MD5: acee5644ad59ba6c5a363663a65b2a00
SHA1: 02d2d5358dfc251d8b7f5167dc20ad3c2abe9ab3
SHA256: 0325dc4baa3cf6ab4175903098dfa2fdeb5d711bc47ae6821652d2da5257aa50
SHA512: 22ecb2dc777066ecfe08b0daaa1a99771e7fe1f821de40d7d1c9f9442dc627edb8da83c65356f452941dc19eadd6be71950564359e1be367d9d598d243e68d58
SSDEEP: 24576:U2G/nvxW3Ww0tBI+wAUpn1Zeq++RVkXLEpoDNq:UbA30BfwAlaRVCaX
Behavioral task: behavioral1
Sample: Solara.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: Solara.exe
Resource: win10v2004-20240611-en
Malware Config
Targets
Target: Solara.exe
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL