General
Target: 285bc42ebd4be5f3acdae7b575af64bf.exe
Size: 1.3MB
Sample: 240623-ehcgtsygrc
MD5: 285bc42ebd4be5f3acdae7b575af64bf
SHA1: 64a3d370b20bea1fc84130caaf3453c388cc0def
SHA256: 90b1c491ebd369f524e0343718ac18651ffee650df5b887123a53430a55f7baf
SHA512: edce9a2aab3214c23ca0d82051b24128a531e8b80e8df005b85b4e1f3f51e6588380b5459264329cf3cf13d8919bc75424f6a272a0e18ae9c4664a9719d1d947
SSDEEP: 24576:NX2fnpyce4ZH1mT/MaKQoTSBNHd3ZDZgBiCUsDLsNRvya:NX2ZejTUaKZ+BNH/DZgBENRv
Behavioral task: behavioral1
Sample: 285bc42ebd4be5f3acdae7b575af64bf.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 285bc42ebd4be5f3acdae7b575af64bf.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 285bc42ebd4be5f3acdae7b575af64bf.exe
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE