General
-
Target
Ref.exe
-
Size
1.8MB
-
Sample
240622-ylbjgswfnl
-
MD5
fa160d309b396d01cbdb477716f76c32
-
SHA1
a5dac93650849cdcb22704b0994bff42d899c4a6
-
SHA256
96faf0c77d1f0a40f95a41625eede49eefcf097e85d51e85d81285708fd748ee
-
SHA512
c74f8b76d05a1f82a268847a67e209319daa2da1d3a605506c427781081032071ff22aa44ffa9dc933a00e3add40a74df65bbc0c9e32abe432fa0dc798f9a5d3
-
SSDEEP
49152:UbA301UISJDFkeh8K6028WbYSGMEMc2jsI9ImlW:UbhUISJDFX60tWkSFcc9IN
Behavioral task
behavioral1
Sample
Ref.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
Ref.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
Ref.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-