General
-
Target
f33cb818506699190556413520aea94529eceeb0129e2337b13311bbba3aea00N
-
Size
1.8MB
-
Sample
241026-xqbjlsxflb
-
MD5
a1f7dc028623603fc6679da86c395a50
-
SHA1
cbdbe7473a73038476616db88de8a97980058c98
-
SHA256
f33cb818506699190556413520aea94529eceeb0129e2337b13311bbba3aea00
-
SHA512
ef799ba64fa023301ebfc323ae95694b90d239877c98f0dc3d625c2ace5c759b53df7729f8a8c1bdf25f7784a3221cea9a5518ecb4873a641682b3c8bca8c29f
-
SSDEEP
24576:Oj2AR3l2oxrLCQicJ1UqS6TvB7WjRRvvkjjFExbw9xs2d5:IJRnYwpjVS0mtU
Behavioral task
behavioral1
Sample
f33cb818506699190556413520aea94529eceeb0129e2337b13311bbba3aea00N.exe
Resource
win7-20240708-en
Malware Config
Targets
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-