General
Target: 586551303debdcf610645e79397bba4d.bin
Size: 594KB
Sample: 240623-cb9gwayfpm
MD5: d8d31019b25f7158863b69a6212ee5e3
SHA1: cf3e2fdc2b9117c1b5c6a0c8a5b09c600a9f2027
SHA256: d1b20b4ecb2d74b150db9e5f50c3345035ad8ac8517f0f27b0bd4fb12aeef730
SHA512: 242e12cf3a17699a31052ecf47020e63251dda854de53f3fa09bdbd04780b49b12b4c9f63eb6b26364805bba813015de8f3b666972f8587e2a23cab1024c5161
SSDEEP: 12288:2qNNZWg9b1rr1ZJ0U64fKXZlMHafReBFj5lL37T4lFrPPw45WH7I0ENXhu9:PzDb2fxenjf34zrnw45WH7Iy9
Behavioral task: behavioral1
Sample: 2d578ea6dc9a22d8b7ef1ed05429560daebb9847de4c4e42d84de61b2cecb8d9.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 2d578ea6dc9a22d8b7ef1ed05429560daebb9847de4c4e42d84de61b2cecb8d9.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 2d578ea6dc9a22d8b7ef1ed05429560daebb9847de4c4e42d84de61b2cecb8d9.exe
Size: 1.1MB
MD5: 586551303debdcf610645e79397bba4d
SHA1: 3ebc6e5ae076f40c5b65a955549efb20af93db4c
SHA256: 2d578ea6dc9a22d8b7ef1ed05429560daebb9847de4c4e42d84de61b2cecb8d9
SHA512: 21cab4ac88765f77682f8271d9de126b92fc57e793b702c7ae8d5aefefdfb245c2ad1b9880635ebdfc857ed6739fa9582a4380f7c95545aa8261526e812072a7
SSDEEP: 24576:U2G/nvxW3Ww0tfSxBXpxsfdnRegCieaho8AAe:UbA30f8xsVnRegCXQfO
Score: 10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-