General

Target: JaffaCakes118_bbc9ddc269c43c2f86c1daa880e8dd11d578c49b95557c8b3fa0a95fe963b874
Size: 1.3MB
Sample: 241230-cb8kkstpc1
MD5: bc2b67f63b3b07241fde5db665cd8022
SHA1: 9811b6429483dd3e85992a2bc3df2f70c08c112c
SHA256: bbc9ddc269c43c2f86c1daa880e8dd11d578c49b95557c8b3fa0a95fe963b874
SHA512: 08928d21f9b71341618240f68b73be07979f4d213db60051a9a40033f04d669c56981e176c6e67e0ce6ef0b42fef110c77033f879976047237f24f15869e6d24
SSDEEP: 24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral tasks

behavioral1
Sample: JaffaCakes118_bbc9ddc269c43c2f86c1daa880e8dd11d578c49b95557c8b3fa0a95fe963b874.exe
Resource: win7-20240903-en

behavioral2
Sample: JaffaCakes118_bbc9ddc269c43c2f86c1daa880e8dd11d578c49b95557c8b3fa0a95fe963b874.exe
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: JaffaCakes118_bbc9ddc269c43c2f86c1daa880e8dd11d578c49b95557c8b3fa0a95fe963b874
Score: 10/10
DcRat
DarkCrystal RAT (DCRat) is a .NET remote access trojan, active since June 2019, that can load additional plugins.

Dcrat family

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or a macro.

Command and Scripting Interpreter: PowerShell
PowerShell was run to modify Windows Defender settings, adding exclusions for file extensions, paths and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2
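The PowerShell signature above (Defender exclusions added for extensions, paths and processes) is the most actionable item in this report for a defender, because the same technique shows up in process-creation telemetry on any host the sample reaches. The following is an added hunting example, not code from the sandbox or from the sample: it scans Sysmon Event ID 1 style process-creation records for Add-MpPreference / Set-MpPreference calls that introduce exclusions, decoding -EncodedCommand payloads first. All event records, process names and paths below are constructed for illustration and are not taken from this sandbox run.

```python
"""Hunt process-creation events for PowerShell commands that add Windows Defender
exclusions (the behaviour flagged in the report above).

Added example; the events in SAMPLE_EVENTS are constructed, not sandbox output.
"""
import base64
import re
from dataclasses import dataclass

# One Add-/Set-MpPreference invocation, up to the next statement or pipe separator.
INVOKE_RE = re.compile(r"(?i)\b(?:Add|Set)-MpPreference\b([^;|\n]*)")
# The three exclusion parameters the sandbox signature refers to.
PARAM_RE = re.compile(r"(?i)-Exclusion(Path|Extension|Process)\b")
# -EncodedCommand and the abbreviations PowerShell accepts for it, followed by base64.
ENCODED_RE = re.compile(
    r"(?i)-(?:e|ec|en|enc|enco|encod|encode|encodedc|encodedcommand)\s+([A-Za-z0-9+/=]+)"
)


@dataclass
class Finding:
    pid: int
    parent_image: str
    kind: str       # "path", "extension" or "process"
    script: str     # the (decoded) command that added the exclusion


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand script (base64 of UTF-16LE), or the line unchanged."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return cmdline
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline


def find_exclusion_tampering(events):
    """events: dicts shaped like Sysmon EID 1 (pid, image, parent_image, command_line)."""
    findings = []
    for ev in events:
        if not ev["image"].lower().endswith(("powershell.exe", "pwsh.exe")):
            continue
        script = decode_encoded_command(ev["command_line"])
        for call in INVOKE_RE.finditer(script):
            for param in PARAM_RE.finditer(call.group(1)):
                findings.append(Finding(ev["pid"], ev["parent_image"],
                                        param.group(1).lower(), script.strip()))
    return findings


# Constructed sample telemetry. The encoded payload is built here so the example stays
# self-contained; a real event would carry the base64 string as logged.
ENCODED_PAYLOAD = base64.b64encode(
    "Add-MpPreference -ExclusionPath $env:APPDATA".encode("utf-16-le")).decode()

SAMPLE_EVENTS = [
    {   # dropped executable (hypothetical path) spawning PowerShell: three exclusions at once
        "pid": 4120,
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "parent_image": r"C:\Users\Public\updater.exe",
        "command_line": 'powershell.exe -NoProfile -WindowStyle Hidden -Command '
                        '"Add-MpPreference -ExclusionPath \'C:\\Users\\Public\' '
                        '-ExclusionExtension \'exe\' -ExclusionProcess \'updater.exe\'"',
    },
    {   # benign: an admin reading the current exclusion list
        "pid": 4188,
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "parent_image": r"C:\Windows\explorer.exe",
        "command_line": 'powershell.exe -NoProfile -Command "Get-MpPreference | Select-Object ExclusionPath"',
    },
    {   # same tampering hidden behind -enc
        "pid": 4200,
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "parent_image": r"C:\Users\Public\updater.exe",
        "command_line": "powershell.exe -nop -w hidden -enc " + ENCODED_PAYLOAD,
    },
]

if __name__ == "__main__":
    for f in find_exclusion_tampering(SAMPLE_EVENTS):
        print(f"pid={f.pid} parent={f.parent_image} exclusion={f.kind}\n    {f.script}")
```

Two caveats when running this against real telemetry: PowerShell accepts unambiguous parameter prefixes, so `-ExclusionP` would also work and would slip past PARAM_RE as written; and if Script Block Logging (Event ID 4104) is enabled, the decoded script is already in the log and the same INVOKE_RE/PARAM_RE pass can be applied to it directly, which also catches scripts assembled at runtime that never appear in the command line.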