General
Target: JaffaCakes118_2115d843dde91c4a91395c3611b5bdd83fc85ece33fdcfe27e9a677dff716282
Size: 1.3MB
Sample: 241222-afm4bsvqbr
MD5: 914aa820a6c73ece46c870ce43b700fb
SHA1: 8bfc321253854fbb8605b530a2a1ef1ab6956e33
SHA256: 2115d843dde91c4a91395c3611b5bdd83fc85ece33fdcfe27e9a677dff716282
SHA512: 213338a272aa06f25f222b262218446caf9bab3bd337e3bc78e1c25e266f3f15eba408df86be878164633f7db1747b15eb624622d107aa38be4acb0ab7d07adf
SSDEEP: 24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task: behavioral1
Sample: JaffaCakes118_2115d843dde91c4a91395c3611b5bdd83fc85ece33fdcfe27e9a677dff716282.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: JaffaCakes118_2115d843dde91c4a91395c3611b5bdd83fc85ece33fdcfe27e9a677dff716282.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: JaffaCakes118_2115d843dde91c4a91395c3611b5bdd83fc85ece33fdcfe27e9a677dff716282 (same sample as in General above; size and hashes identical)
Score: 10/10
DcRat
  DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.
Dcrat family
Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence.
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2