General
-
Target
500a74281de1bc8e6eb4e08eb8705235f4436ccb209ecaca91fe4ad43a869015.exe
-
Size
2.3MB
-
Sample
241230-csg4ysvkdz
-
MD5
97177514cab51539083ef130f005bbd1
-
SHA1
49e2661ee3e8f6fd6b06334b00543590ed8fe208
-
SHA256
500a74281de1bc8e6eb4e08eb8705235f4436ccb209ecaca91fe4ad43a869015
-
SHA512
7ce6e7255d482b7c78f759098f9744f5f0ef462a79ad061d19f8036061b807963c924665bbe66e23e26a36990b5849d527b750ab6d0e9f6010cf4d665ec3d897
-
SSDEEP
49152:2QZEVRb3qgQujSIZijBW7vrGGzt2q5je54Ng3q1qrFBZT4:2GEVRagQujSei5GpZJCmqrZT
Behavioral task
behavioral1
Sample
500a74281de1bc8e6eb4e08eb8705235f4436ccb209ecaca91fe4ad43a869015.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
500a74281de1bc8e6eb4e08eb8705235f4436ccb209ecaca91fe4ad43a869015.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
500a74281de1bc8e6eb4e08eb8705235f4436ccb209ecaca91fe4ad43a869015.exe
-
Size
2.3MB
-
MD5
97177514cab51539083ef130f005bbd1
-
SHA1
49e2661ee3e8f6fd6b06334b00543590ed8fe208
-
SHA256
500a74281de1bc8e6eb4e08eb8705235f4436ccb209ecaca91fe4ad43a869015
-
SHA512
7ce6e7255d482b7c78f759098f9744f5f0ef462a79ad061d19f8036061b807963c924665bbe66e23e26a36990b5849d527b750ab6d0e9f6010cf4d665ec3d897
-
SSDEEP
49152:2QZEVRb3qgQujSIZijBW7vrGGzt2q5je54Ng3q1qrFBZT4:2GEVRagQujSei5GpZJCmqrZT
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-