General
-
Target
06873daaa7732dd430b975b6812e52712b285af5f0fc53935d1b356f3f8eff7a.exe
-
Size
995KB
-
Sample
240714-kh77dstbnm
-
MD5
9eda902b52d2ab86289bf558788bbc02
-
SHA1
e7de6294a4c00c5f5be1481d685e73ec8e394759
-
SHA256
06873daaa7732dd430b975b6812e52712b285af5f0fc53935d1b356f3f8eff7a
-
SHA512
f77ab04dd0404ab079f54050b2f0c069c77363514d8c6934c75a7ecaee251643d47f65f54c3004eb001e50c54e202276e53c70146c747cc975ad35248287f597
-
SSDEEP
24576:8y55HPeub3xumiFgmGCmf6fDElmg50Ax93R+H:8y55xxumMkTx93
Behavioral task
behavioral1
Sample
06873daaa7732dd430b975b6812e52712b285af5f0fc53935d1b356f3f8eff7a.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
06873daaa7732dd430b975b6812e52712b285af5f0fc53935d1b356f3f8eff7a.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
06873daaa7732dd430b975b6812e52712b285af5f0fc53935d1b356f3f8eff7a.exe
-
Size
995KB
-
MD5
9eda902b52d2ab86289bf558788bbc02
-
SHA1
e7de6294a4c00c5f5be1481d685e73ec8e394759
-
SHA256
06873daaa7732dd430b975b6812e52712b285af5f0fc53935d1b356f3f8eff7a
-
SHA512
f77ab04dd0404ab079f54050b2f0c069c77363514d8c6934c75a7ecaee251643d47f65f54c3004eb001e50c54e202276e53c70146c747cc975ad35248287f597
-
SSDEEP
24576:8y55HPeub3xumiFgmGCmf6fDElmg50Ax93R+H:8y55xxumMkTx93
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-