General
- Target: FunCheker.zip
- Size: 1.9MB
- Sample: 240722-xwylbstbjc
- MD5: 24205851c5a1e2bfefee855b74062623
- SHA1: 38b96b174bba5662262bc8243e1a10492b4b6191
- SHA256: 0cf56a65f8c8d0147fae630441e029d4c0c739ddf1198e8f4eedb1778fe16ed9
- SHA512: f211845b870344066124bce8c60708133a297387ae76afa1c48878244daaadafa6538117201cfe713aba311ce46d214a6260a5da736f62aed3d025e4fe775863
- SSDEEP: 24576:8+KmfBSVq3qeyJ+rHRku1J4RNe5+fyrk5wByKZi6SNbqYi7ZvuOW51zwQY89dZVy:Qoz3qeyJ+rHRX1J2vYB9Z+bqSP510QY3
Static task: static1
Behavioral task: behavioral1
Sample: FunCheker.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: FunCheker.exe
Resource: win10v2004-20240709-en
Malware Config
Targets
- Target: FunCheker.exe
- Size: 1.9MB
- MD5: a69f81ab8922f56e786c95000e4ea238
- SHA1: eec04e5776a155f4445260b46f8fa3b139ccedef
- SHA256: c36b87352873121329f10440ce883510be4c7d829d6afe7ee28664b79cddfd8d
- SHA512: de9a791be937925f0ab9d665e6282237f78b4b14f11e539bbcb9dd1ee95b0421a00ab841adb97ed3f41d3d92d94a569728edb486940afb690114bf825a42aeab
- SSDEEP: 49152:mIduhWrW/Si9FPOcS/up3M4vsEVXxQ4mxS5WDK:BuMr6zxSmp8Bi6I
Score: 10/10
- DcRat: DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
- Modifies security service
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL