General
-
Target
RustStore_Setup.exe
-
Size
3.5MB
-
Sample
241004-dfkvra1bkm
-
MD5
4e4c8bd71f7875fac184a95f79fb1327
-
SHA1
e24f4fd00b568e2e278a1ec6f4b86181c393b025
-
SHA256
e23b924ff1c1b8a67aebc3b98711c63e12832e2bdd41ff8a52b15685bfabfc6d
-
SHA512
5b9f5592f364777fc1385b5a72699b39fc5f13b85fbfab24aef884d2446772a25cbc1cd6fc4c0716baf42259f6660f19511d603b17c4fcac736086cc15b3b2fa
-
SSDEEP
49152:hbA3C8Gudp1YT4VZSN1w8QOQcN2nF1WUVVJgXg8zUXKnRvW7nXuc+u2nBomh:hbeZThZSY82n/TVVK/4X4+ruE2nOmh
Behavioral task
behavioral1
Sample
RustStore_Setup.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
RustStore_Setup.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
RustStore_Setup.exe
-
Size
3.5MB
-
MD5
4e4c8bd71f7875fac184a95f79fb1327
-
SHA1
e24f4fd00b568e2e278a1ec6f4b86181c393b025
-
SHA256
e23b924ff1c1b8a67aebc3b98711c63e12832e2bdd41ff8a52b15685bfabfc6d
-
SHA512
5b9f5592f364777fc1385b5a72699b39fc5f13b85fbfab24aef884d2446772a25cbc1cd6fc4c0716baf42259f6660f19511d603b17c4fcac736086cc15b3b2fa
-
SSDEEP
49152:hbA3C8Gudp1YT4VZSN1w8QOQcN2nF1WUVVJgXg8zUXKnRvW7nXuc+u2nBomh:hbeZThZSY82n/TVVK/4X4+ruE2nOmh
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-