General
Target: 9e128aa17df105d29fbf1da4673f15c3c2467829bb4dea076dd58b1fc260004fN.exe
Size: 828KB
Sample: 241222-g5jwjaxneq
MD5: 58af79b3ea2a593144474e327fa48a10
SHA1: 4a32b49ec04f6f8e3a7b2097fb9b5bb36f4dffcf
SHA256: 9e128aa17df105d29fbf1da4673f15c3c2467829bb4dea076dd58b1fc260004f
SHA512: 3923cfd4344b68a3b468f82b7e142ff5778a548cb692138ad7fee57ed0f003fa355a0b90b043ac78275a8489073bccdcc6aef9b1664b262b24a8a04a876bf13a
SSDEEP: 12288:K5jHYVjmobNqsKDsSvjbHQVtVZJizDxRxhDsGALvbI6bnY6a2Xu:1b4sKDZUZJuR/ALvbLnY8Xu

Behavioral task: behavioral1
Sample: 9e128aa17df105d29fbf1da4673f15c3c2467829bb4dea076dd58b1fc260004fN.exe
Resource: win7-20241023-en

Behavioral task: behavioral2
Sample: 9e128aa17df105d29fbf1da4673f15c3c2467829bb4dea076dd58b1fc260004fN.exe
Resource: win10v2004-20241007-en

Malware Config
Targets
Target
9e128aa17df105d29fbf1da4673f15c3c2467829bb4dea076dd58b1fc260004fN.exe
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Dcrat family

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE