General
Target: JaffaCakes118_364532c577bd7b6231ab88362d4377d2c665ea92f07de32746fe5a0bd4046341
Size: 1.3MB
Sample: 241221-1w8yva1mgr
MD5: b9b44c07c3f43d735fd8ce9d90e32cfa
SHA1: e119216e3abfa510fbd3eb8a6cf72153a054ffbc
SHA256: 364532c577bd7b6231ab88362d4377d2c665ea92f07de32746fe5a0bd4046341
SHA512: b285303ea67facf0cee1ad524cbcf2241ee842431470e24639d2f26551324599ceb0edd7bda03204819af7bce26f90ec837810830ac0e38fc047b717a136b95d
SSDEEP: 24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task: behavioral1
Sample: JaffaCakes118_364532c577bd7b6231ab88362d4377d2c665ea92f07de32746fe5a0bd4046341.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: JaffaCakes118_364532c577bd7b6231ab88362d4377d2c665ea92f07de32746fe5a0bd4046341.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019, capable of loading additional plugins.

Dcrat family

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2