General
-
Target
setup casino.msi
-
Size
2.1MB
-
Sample
240718-jmmktaselb
-
MD5
84ab6181a31b1e3fa12b4f02232d7d76
-
SHA1
b1e00a7042b549dd6a2d33f6fceec203319032f6
-
SHA256
46f147b5b85dc612ec84ee8374442a90c6ab1c4ad9633a79e2c0c06693f6acc5
-
SHA512
0a78f96bc38a7bc8c2f5a654d53917e0ad5ffa97e87a6c8186083ba964bcc906f760a89fe1f87e18401ec97a1a6ef13d1d28960c201c99c37b96f906c31d48b2
-
SSDEEP
24576:U2G/nvxW3Ww0t3/zc4VamhOsJ5RnPQfV8N8cqKuAsqh9k9sUn5yYr8XLFNBxN8yq:UbA303/zc4jhoiSnqkxYYr8XLV8yr9TA
Behavioral task
behavioral1
Sample
setup casino.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
setup casino.msi
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-