General
-
Target
ADA563883BF3A762A5610A0DECE18B0D.exe
-
Size
1.1MB
-
Sample
240728-fx5btstbpd
-
MD5
ada563883bf3a762a5610a0dece18b0d
-
SHA1
666d86ca4ce9920d950ae73f0bf031f84078d78c
-
SHA256
94f11d5cb25d38c9a50a91dbdc481de91fbc7dd6f647d7638d84138ed0d24a21
-
SHA512
5843db2c8fafd2ce75484fab2efc7ba0d7c389a8ea9c0c1738c784e401db0674f83651e7ff786be9897bbe52c485d1123163fd74c4b27df3bb3b82df47d52511
-
SSDEEP
24576:U2G/nvxW3Ww0twiDWtUi+zDIvECjbuqj2aksQ7a4:UbA30vWozp84B
Behavioral task
behavioral1
Sample
ADA563883BF3A762A5610A0DECE18B0D.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
ADA563883BF3A762A5610A0DECE18B0D.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
Target
ADA563883BF3A762A5610A0DECE18B0D.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-