General
-
Target
nursultan alpha.exe
-
Size
2.1MB
-
Sample
240718-l1vjpatcml
-
MD5
5a7e4da699bce68005b413cdd318e9de
-
SHA1
cee6614980f50810d19c3c18d242d97400078a75
-
SHA256
b27372b955d8e6cf46a3d36826511468504f8d58b5f24720351bf85f123cfea5
-
SHA512
7dafdd1ba9941b2f332f596ceefb6e9e07768f63586a4a21b4a31bbe66b890e62935a38e82a7665b1154c66fe015b4ff68144885389fdc4318670f8c878cad3c
-
SSDEEP
49152:UbA30/p0cfOZx9yRLMjyDYfG0TssZGe4lbY:UbTbfO40r3TssTgY
Behavioral task
behavioral1
Sample
nursultan alpha.exe
Resource
win11-20240709-en
Malware Config
Targets
-
-
Target
nursultan alpha.exe
-
Size
2.1MB
-
MD5
5a7e4da699bce68005b413cdd318e9de
-
SHA1
cee6614980f50810d19c3c18d242d97400078a75
-
SHA256
b27372b955d8e6cf46a3d36826511468504f8d58b5f24720351bf85f123cfea5
-
SHA512
7dafdd1ba9941b2f332f596ceefb6e9e07768f63586a4a21b4a31bbe66b890e62935a38e82a7665b1154c66fe015b4ff68144885389fdc4318670f8c878cad3c
-
SSDEEP
49152:UbA30/p0cfOZx9yRLMjyDYfG0TssZGe4lbY:UbTbfO40r3TssTgY
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-