General
-
Target
6c7fde4165740cae2be470e3560d4600N
-
Size
1.7MB
-
Sample
240907-28r2ja1bnl
-
MD5
6c7fde4165740cae2be470e3560d4600
-
SHA1
5598a613d702d5cf9eb578eab6b28f5d61ff3d63
-
SHA256
553e75e0d6c35cb71667c45af798ceaefd6468961a73562142536fe3e633136e
-
SHA512
61fa46b84fedfeb60f1ef2b3f232eca85e1d70dcbde049486614cbb9f5159e2278dd652da7c5f7dc5fd2de1eba4644a5e15af77d4cdf62351cc62134f2d3722f
-
SSDEEP
24576:Pqfj/pKWIEcpP2WtjiLjrjCv8AAaIJr2CuLpZ6dqCevofVOhZjgw9pmF8wQOToDX:yU1u5yvZABRgNgECevvsc/wQO0Dx
Static task
static1
Behavioral task
behavioral1
Sample
6c7fde4165740cae2be470e3560d4600N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
6c7fde4165740cae2be470e3560d4600N.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
6c7fde4165740cae2be470e3560d4600N
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-