General
-
Target
Celestial Crack.zip
-
Size
18.3MB
-
Sample
240716-tzhsha1cnq
-
MD5
3c002d22691e03979237c9b2e59b68fe
-
SHA1
4eb08de136c65c39ac50cce1eb933f0ebdb32a58
-
SHA256
3d5c1e8b26ab2596b9109d465b2edaaecea6e19b1a976a102b2a855249d70915
-
SHA512
b8a40611097d6875e47c76cfa8c8429bf457a6d240f9bc4e4d95a696acfaf87092e9cf29f03131b515c30e5aa03ffe210ae53f788fdcc2906972e963ebeab84f
-
SSDEEP
393216:7bXvrdREdINeW/FJxcd6CZMczYrjpJViNyfBJNPrTZAHd5s:fBREdIfdG6C9YHNHfB3PROdu
Behavioral task
behavioral1
Sample
Celestial Crack.zip
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
Celestial Crack.zip
-
Size
18.3MB
-
MD5
3c002d22691e03979237c9b2e59b68fe
-
SHA1
4eb08de136c65c39ac50cce1eb933f0ebdb32a58
-
SHA256
3d5c1e8b26ab2596b9109d465b2edaaecea6e19b1a976a102b2a855249d70915
-
SHA512
b8a40611097d6875e47c76cfa8c8429bf457a6d240f9bc4e4d95a696acfaf87092e9cf29f03131b515c30e5aa03ffe210ae53f788fdcc2906972e963ebeab84f
-
SSDEEP
393216:7bXvrdREdINeW/FJxcd6CZMczYrjpJViNyfBJNPrTZAHd5s:fBREdIfdG6C9YHNHfB3PROdu
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-