General
-
Target
JaffaCakes118_54c697a6c87bf530998fd17ff51e87b09194bce09cc0647535815ae3ed1872f3
-
Size
1.3MB
-
Sample
241221-y3pgnsymfs
-
MD5
70a3a73630cf2f1b5e514f82589f7c69
-
SHA1
b8eb8c8de83226ef6411be5423cf1bc610b33a11
-
SHA256
54c697a6c87bf530998fd17ff51e87b09194bce09cc0647535815ae3ed1872f3
-
SHA512
183d92e6c120b610f95cfc3b025b0664c7f713b88e3aaff1fec916783566e5c579be9dd2dc504e56d2662a554731ca3a1def0647057df1cbd3bef4955292c895
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
JaffaCakes118_54c697a6c87bf530998fd17ff51e87b09194bce09cc0647535815ae3ed1872f3.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_54c697a6c87bf530998fd17ff51e87b09194bce09cc0647535815ae3ed1872f3.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, that can load additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-