General
-
Target
592209c622e77aae9a7a9b3c76a80d5f.exe
-
Size
828KB
-
Sample
241004-nc5qvsveqh
-
MD5
592209c622e77aae9a7a9b3c76a80d5f
-
SHA1
e83c0edfb1b624cb0ca1aa53ac73261930816581
-
SHA256
39c548d4cf4fdfb68e52b2efab294b4c55fcb9f7053fd5a8eba1224671f16688
-
SHA512
30dd0f90ef89d1a2be53ebd599602aa3aa0b09d3e5ab7b94a4badb032161466cb90d6ce563948a6c8043a2ad396df62d40dae89f1fd7620a2403f51c48435003
-
SSDEEP
12288:3axeKG7goA26EGIXA0XKjVNrGLVPEVYYNN1En:AU7goA24IXA0XKjYEjNzEn
Behavioral task
behavioral1
Sample
592209c622e77aae9a7a9b3c76a80d5f.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
592209c622e77aae9a7a9b3c76a80d5f.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
592209c622e77aae9a7a9b3c76a80d5f.exe
-
Size
828KB
-
MD5
592209c622e77aae9a7a9b3c76a80d5f
-
SHA1
e83c0edfb1b624cb0ca1aa53ac73261930816581
-
SHA256
39c548d4cf4fdfb68e52b2efab294b4c55fcb9f7053fd5a8eba1224671f16688
-
SHA512
30dd0f90ef89d1a2be53ebd599602aa3aa0b09d3e5ab7b94a4badb032161466cb90d6ce563948a6c8043a2ad396df62d40dae89f1fd7620a2403f51c48435003
-
SSDEEP
12288:3axeKG7goA26EGIXA0XKjVNrGLVPEVYYNN1En:AU7goA24IXA0XKjYEjNzEn
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-