General
-
Target
JaffaCakes118_f1ab460da4ad8b257de97ef2e569910191e432327cdbf16c73fac65d7dda81bf
-
Size
1.3MB
-
Sample
241221-wq3gnavqdt
-
MD5
b482b89208955a50de768e8ca3a1cf31
-
SHA1
61758eaadf5a819fbb9562d0bab68374034a0bf5
-
SHA256
f1ab460da4ad8b257de97ef2e569910191e432327cdbf16c73fac65d7dda81bf
-
SHA512
bc3258b393e91edd29b10b0dc26a5a8d1ebb90f92e5ac9c84a44a4e3289fc498281a89834111b6023cc6097f87a594fdfa9ff485af7ddff7887ee1ee5b1f4fa3
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
JaffaCakes118_f1ab460da4ad8b257de97ef2e569910191e432327cdbf16c73fac65d7dda81bf.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_f1ab460da4ad8b257de97ef2e569910191e432327cdbf16c73fac65d7dda81bf.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
JaffaCakes118_f1ab460da4ad8b257de97ef2e569910191e432327cdbf16c73fac65d7dda81bf
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-