General
-
Target
17642c8384eee7b5c1912c9e7abb87ef.exe
-
Size
829KB
-
Sample
240623-ggab7avgrm
-
MD5
17642c8384eee7b5c1912c9e7abb87ef
-
SHA1
dd897085ab58092fb9137dd6d86689d5d0fb2016
-
SHA256
154a047540d3401fb123815cd6c5433bca0761c0064caae3acf02c0073471d05
-
SHA512
1691d1d6152640ccca1bdc5e1b5b08d550b7be1211f599b9f68fd5c406a300bceeaadd808eb20090ec4d523972c6fd3e29d59fac005f37130e85cff3560ccaef
-
SSDEEP
12288:eaoVtb+gqbqWJIitrvPh54EI41sdmH7dYkv5CA58:ejLb+gqbuitr3DB0mHymCC8
Behavioral task
behavioral1
Sample
17642c8384eee7b5c1912c9e7abb87ef.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
17642c8384eee7b5c1912c9e7abb87ef.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
17642c8384eee7b5c1912c9e7abb87ef.exe
-
Size
829KB
-
MD5
17642c8384eee7b5c1912c9e7abb87ef
-
SHA1
dd897085ab58092fb9137dd6d86689d5d0fb2016
-
SHA256
154a047540d3401fb123815cd6c5433bca0761c0064caae3acf02c0073471d05
-
SHA512
1691d1d6152640ccca1bdc5e1b5b08d550b7be1211f599b9f68fd5c406a300bceeaadd808eb20090ec4d523972c6fd3e29d59fac005f37130e85cff3560ccaef
-
SSDEEP
12288:eaoVtb+gqbqWJIitrvPh54EI41sdmH7dYkv5CA58:ejLb+gqbuitr3DB0mHymCC8
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-