General
-
Target
не запускай.exe
-
Size
3.1MB
-
Sample
240723-zmsd3a1ckd
-
MD5
8dd764f9b37bfdabf8cc40bdda049699
-
SHA1
114f79cdf04878cdf92a1db1756d0aedff5a28fb
-
SHA256
9697116da432e74bd2335a378e1943b8617fa7c10aa0db45026c879c872e1265
-
SHA512
0c49851c5fff60543a447a781666e7c1157309724d80792607e62ca3e11a1e89eecbb73785323c19dcf137698237e793a6088c7d9a3ad449c971dc56d1085051
-
SSDEEP
49152:qbA3u9QOoRaSZuxwi5ejmkIIWj9UDAU7x8jUYzVlZegWNAW5egrQt:qbfy/RaUme3Wj9UDAMiVzVl4TyCw
Behavioral task
behavioral1
Sample
не запускай.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
не запускай.exe
-
Size
3.1MB
-
MD5
8dd764f9b37bfdabf8cc40bdda049699
-
SHA1
114f79cdf04878cdf92a1db1756d0aedff5a28fb
-
SHA256
9697116da432e74bd2335a378e1943b8617fa7c10aa0db45026c879c872e1265
-
SHA512
0c49851c5fff60543a447a781666e7c1157309724d80792607e62ca3e11a1e89eecbb73785323c19dcf137698237e793a6088c7d9a3ad449c971dc56d1085051
-
SSDEEP
49152:qbA3u9QOoRaSZuxwi5ejmkIIWj9UDAU7x8jUYzVlZegWNAW5egrQt:qbfy/RaUme3Wj9UDAMiVzVl4TyCw
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-