General
-
Target
499892681280fc9d231c592992c4836792153efc11a296d401ec67138a2a8248.exe
-
Size
1.4MB
-
Sample
241003-brg7wsxckr
-
MD5
58e2bd4ea00cd07e739bcb498a4034df
-
SHA1
59646543130de9149932b00ce032380a596f1801
-
SHA256
499892681280fc9d231c592992c4836792153efc11a296d401ec67138a2a8248
-
SHA512
9a327796f95b23be6b9a464a88c24c0bc6066b938cf930667d149fe80478b2d8bdaebf4d0237de1e5db0fae43f770aa85f088677f5ccc6999a96d7ec07191623
-
SSDEEP
24576:c+cqpmHHCv9Rn25gVq++Sr9rQaQNtnkuRnczBcQ/H7so6:c+wH+R99FQX1ZLQD
Behavioral task
behavioral1
Sample
499892681280fc9d231c592992c4836792153efc11a296d401ec67138a2a8248.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
499892681280fc9d231c592992c4836792153efc11a296d401ec67138a2a8248.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
499892681280fc9d231c592992c4836792153efc11a296d401ec67138a2a8248.exe
-
Size
1.4MB
-
MD5
58e2bd4ea00cd07e739bcb498a4034df
-
SHA1
59646543130de9149932b00ce032380a596f1801
-
SHA256
499892681280fc9d231c592992c4836792153efc11a296d401ec67138a2a8248
-
SHA512
9a327796f95b23be6b9a464a88c24c0bc6066b938cf930667d149fe80478b2d8bdaebf4d0237de1e5db0fae43f770aa85f088677f5ccc6999a96d7ec07191623
-
SSDEEP
24576:c+cqpmHHCv9Rn25gVq++Sr9rQaQNtnkuRnczBcQ/H7so6:c+wH+R99FQX1ZLQD
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-