General
-
Target
9b08f03985d3378123ba236fae1b41b42fcc9af87932655a5120e04fa9a21942.exe
-
Size
1.6MB
-
Sample
241031-d8gc2aygmd
-
MD5
844679e76d8254bedd67c98610f7d7ac
-
SHA1
4222ebbb055830096b829f072783423dbe255932
-
SHA256
9b08f03985d3378123ba236fae1b41b42fcc9af87932655a5120e04fa9a21942
-
SHA512
fddb80736936d7c0d46ec3958885237681cbbd416455d7a48d075092d38a0c5e435112c25b595b8cc99b0a8ed2143ac2f28e893373a7b6e9772ee722706a3c05
-
SSDEEP
24576:2ztKoZmCJ4YrujnaOBDEzKt3pJqc7BnA8js2TvgAts0qB0FjbpcKSzQy8v1:O995MUzKNac7BnbbTvgCFTYQy+
Static task
static1
Behavioral task
behavioral1
Sample
9b08f03985d3378123ba236fae1b41b42fcc9af87932655a5120e04fa9a21942.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
9b08f03985d3378123ba236fae1b41b42fcc9af87932655a5120e04fa9a21942.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
9b08f03985d3378123ba236fae1b41b42fcc9af87932655a5120e04fa9a21942.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-