General
Target: JaffaCakes118_fdc297fcbcb8ad6651b08f3c1b920f86cd42f5c02d6b13cc5db0449d87fe4cec
Size: 1.3MB
Sample: 241222-bgxvlaxjdy
MD5: a06e55cfbc590b07f316d25f18d305f5
SHA1: 86830bcf1c150c58e43b784fc4f90eed9ffb24d3
SHA256: fdc297fcbcb8ad6651b08f3c1b920f86cd42f5c02d6b13cc5db0449d87fe4cec
SHA512: 2f0b90eea05c0d48bcd5f8ce89e9e2b341ce1e7c758a307fc380a9bbdd37d39482ad4b6f7d7b88c549d19474e232bc309ff2f4b07edafac0ed9edd7e12ee392a
SSDEEP: 24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task behavioral1
Sample: JaffaCakes118_fdc297fcbcb8ad6651b08f3c1b920f86cd42f5c02d6b13cc5db0449d87fe4cec.exe
Resource: win7-20240903-en
Behavioral task behavioral2
Sample: JaffaCakes118_fdc297fcbcb8ad6651b08f3c1b920f86cd42f5c02d6b13cc5db0449d87fe4cec.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Score: 10/10
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 and capable of loading additional plugins.
Dcrat family
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2