General
-
Target
BuildCheck.exe
-
Size
1.1MB
-
Sample
240712-w1zthsvekj
-
MD5
08b061d017542bfb3113e1f36741458e
-
SHA1
4c3a0e20a289e7079dac9cce729549c1dcedabef
-
SHA256
e994b0ec8d2f25b78665dbcfc36f0477859ca13590f4da35fa30fb6c793bf704
-
SHA512
5fe3153cd130f6ee2940f9272fc5e98b4cbec53a7f243207e15e216bbbbeacdf8fdb57710d0d7a99d360f70e6c564588f8550196b7f1684ffcb17eb9b2c0bb87
-
SSDEEP
24576:U2G/nvxW3Ww0tGfgVu8ICsVzqoPwYQXX4a409etfkVY:UbA30Gku8voo1XXA0fq
Behavioral task
behavioral1
Sample
BuildCheck.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
BuildCheck.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
Target
BuildCheck.exe
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-