General
-
Target
4021df69fad7e54ef1154a5322b1eece.exe
-
Size
2.2MB
-
Sample
240623-fdy1pszgnh
-
MD5
4021df69fad7e54ef1154a5322b1eece
-
SHA1
ece1a3140a5a394c4a57f110609b9d494e6f59f5
-
SHA256
3bf9e41b570eeb923ed1f44e1fffa81fbd3dfe9f0324c594327d2d271af8cc6f
-
SHA512
0e0a18d8b319f2ff1de023ef8f43d905bbb47e08515ce91a02a868c5ed948fb02ee62576967512582c67da5593618526be8ae272a6e9b3fc4c664d40bd51e9d4
-
SSDEEP
49152:HHoNElLsaAB3Olt0BSXYAnjE5fqpCUdwUencN:HHjlLsxeAIj5pCwe
Behavioral task
behavioral1
Sample
4021df69fad7e54ef1154a5322b1eece.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
4021df69fad7e54ef1154a5322b1eece.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
Target
4021df69fad7e54ef1154a5322b1eece.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-