General
-
Target
SolaraBootstrapper.exe
-
Size
1.5MB
-
Sample
240719-m1qq6sxdpk
-
MD5
fc883c9c23018f529b6df57a37752ee2
-
SHA1
5f144d9aa5c24c309baf6b2a6b9975795bfc5795
-
SHA256
84f0cb45e1f9d6f73ff0033ecc509cf19648a546966e381f227d89bd2ab5882a
-
SHA512
5c29d4ef5194455d662d04be687c5fd7923071991ec792e623bf58e299cd4a64a60d3193699eb16cd3f4395a87f579f19f3925d948cd8bcaf37a28439d1e5ca4
-
SSDEEP
24576:U2G/nvxW3Ww0tAcd/ADwvjwqeGOu98QhwrY//TgvCsOtZl8PeZUY:UbA30AG/ADp5G38U7xsOtZl8GH
Behavioral task
behavioral1
Sample
SolaraBootstrapper.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
SolaraBootstrapper.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
Target
SolaraBootstrapper.exe
Score 10/10
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-