General
-
Target
JaffaCakes118_ed183a62f716f18eabceaa76b4be07b0964a15b90fd17a44342631ac85e521ee
-
Size
1.3MB
-
Sample
241222-g5e8caxnen
-
MD5
1d0f92131d446bb757559c0715a0116e
-
SHA1
22abe0fe9aa3091f852c19e4de0b570bc63a6aa5
-
SHA256
ed183a62f716f18eabceaa76b4be07b0964a15b90fd17a44342631ac85e521ee
-
SHA512
31b428acc3d01a47b31c21775c956a4aeafd2ce555c26ac950e8a928815002d2597a8caa9c116f2fad389042d8537344ce57a93cce67e7a5b8774b4600e35e43
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
JaffaCakes118_ed183a62f716f18eabceaa76b4be07b0964a15b90fd17a44342631ac85e521ee.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_ed183a62f716f18eabceaa76b4be07b0964a15b90fd17a44342631ac85e521ee.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
JaffaCakes118_ed183a62f716f18eabceaa76b4be07b0964a15b90fd17a44342631ac85e521ee
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-