General
-
Target
bc4973de07361d1d10fba21f8723950c4f21b3f920625a28fbe3f432cbc8a3f2
-
Size
1.3MB
-
Sample
241221-wjje7svndw
-
MD5
f6fca798992866e9ca4a5ed2877b593f
-
SHA1
b00d16bca71931ffaca0475ede0ad8e91def06d1
-
SHA256
bc4973de07361d1d10fba21f8723950c4f21b3f920625a28fbe3f432cbc8a3f2
-
SHA512
51a94ea9fc32e268e0fec10c68376f879df3d75a498d584baa0dcbea2c8f9355d5a678e2b1a72e4b56d5d8d895594424d4c88f79013d5e162409f8c0a29c8cc5
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
bc4973de07361d1d10fba21f8723950c4f21b3f920625a28fbe3f432cbc8a3f2.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
bc4973de07361d1d10fba21f8723950c4f21b3f920625a28fbe3f432cbc8a3f2.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
bc4973de07361d1d10fba21f8723950c4f21b3f920625a28fbe3f432cbc8a3f2
-
Size
1.3MB
-
MD5
f6fca798992866e9ca4a5ed2877b593f
-
SHA1
b00d16bca71931ffaca0475ede0ad8e91def06d1
-
SHA256
bc4973de07361d1d10fba21f8723950c4f21b3f920625a28fbe3f432cbc8a3f2
-
SHA512
51a94ea9fc32e268e0fec10c68376f879df3d75a498d584baa0dcbea2c8f9355d5a678e2b1a72e4b56d5d8d895594424d4c88f79013d5e162409f8c0a29c8cc5
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-