General
- Target: JaffaCakes118_ff184108bfb04dc1035981617c78783cbf69ece2019921a8937b1dc5dacba086
- Size: 1.3MB
- Sample: 241222-apnq8awkcp
- MD5: 48152ebb75ca491215e167543c0f3f4d
- SHA1: 1052db0bbde734c7544d1b8b60031a102bb269d1
- SHA256: ff184108bfb04dc1035981617c78783cbf69ece2019921a8937b1dc5dacba086
- SHA512: c17b766d9bc0285b810001fa77f5be66db4957334cc990724f2dd8a9a50ea34db088e5c4ad24d32d16823adcd614b9b607ef929dba1d33981e5a7479e59ce1fd
- SSDEEP: 24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task: behavioral1
- Sample: JaffaCakes118_ff184108bfb04dc1035981617c78783cbf69ece2019921a8937b1dc5dacba086.exe
- Resource: win7-20241010-en
Behavioral task: behavioral2
- Sample: JaffaCakes118_ff184108bfb04dc1035981617c78783cbf69ece2019921a8937b1dc5dacba086.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: JaffaCakes118_ff184108bfb04dc1035981617c78783cbf69ece2019921a8937b1dc5dacba086
- Size: 1.3MB
- Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to those listed under General above
Score: 10/10
- DcRat: DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
- Dcrat family
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Command and Scripting Interpreter: PowerShell: runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2