General
-
Target
72d0cb65a851e5221a89b68994aea432ba72da0a2c213e26bb4b72d84420e026.exe
-
Size
1.6MB
-
Sample
240724-ckmdpsscql
-
MD5
54f5a8c78b6310f3d9dbba2e44348cfd
-
SHA1
ca0ff7bd6663c8d1f2583c304e086b8f00852c59
-
SHA256
72d0cb65a851e5221a89b68994aea432ba72da0a2c213e26bb4b72d84420e026
-
SHA512
af9657358f27bb3ec3761e27cebef776bddc7d7b29e090959b81c97307bcd1b7ee91ab7742f67dbf999cef4a7351d3d77a0fb76fb322c57c127fe6d7f7e62138
-
SSDEEP
24576:U2G/nvxW3Ww0tNExFU5I8g0elE6JC4Vs8yRfS0lDekCUMQprbjuhvKt:UbA30yu6pBVaVeTWpXqhe
Behavioral task
behavioral1
Sample
72d0cb65a851e5221a89b68994aea432ba72da0a2c213e26bb4b72d84420e026.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
72d0cb65a851e5221a89b68994aea432ba72da0a2c213e26bb4b72d84420e026.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
Target
72d0cb65a851e5221a89b68994aea432ba72da0a2c213e26bb4b72d84420e026.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-