General
-
Target
softby1.exe
-
Size
1.4MB
-
Sample
240723-p9l6fs1dkn
-
MD5
7070ff714b2d121f76a720f5956a9b5c
-
SHA1
2451af3bea47759db4b363b8bcfef2fbddc32757
-
SHA256
e2ee99b8a63398c2801c741a5d34a8407e15f0ab02071ee3ed5241d81e4f87b9
-
SHA512
652dca08b7d380bba880023b57d37b6af6cde2c78cd98a15ebb28d3e8242ff492dc65d2f3292e05c628409dc11dc07c940ca24348e3ab84baf295e514001cbb3
-
SSDEEP
24576:U2G/nvxW3Ww0tz0ybzboC40b/IwQSETTrn/BBhA/nJTbEHzsS/y:UbA30z0ykC40nEIdSzsZ
Behavioral task
behavioral1
Sample
softby1.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
softby1.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
softby1.exe
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-