General
-
Target
JaffaCakes118_d3cb3989ed3aa6cd9ee8d51a2878a697dcc4b20d574dc2a240aff2192548bf4c
-
Size
1.3MB
-
Sample
241230-dbhjtswjbw
-
MD5
7611c93f171fcae828a6392638eb46d2
-
SHA1
5751f17b0e1e3963565ce4b40ae189e0eebe6420
-
SHA256
d3cb3989ed3aa6cd9ee8d51a2878a697dcc4b20d574dc2a240aff2192548bf4c
-
SHA512
67dd292126f7e20342ef9e91eb92d4297ef5e1ea9b69be8bf78fb21d2b85e9f6c460cf553657c5d42b734e3b19b78de1e9e6ea77cdf00911c27d9b110e12d73e
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
JaffaCakes118_d3cb3989ed3aa6cd9ee8d51a2878a697dcc4b20d574dc2a240aff2192548bf4c.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_d3cb3989ed3aa6cd9ee8d51a2878a697dcc4b20d574dc2a240aff2192548bf4c.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
JaffaCakes118_d3cb3989ed3aa6cd9ee8d51a2878a697dcc4b20d574dc2a240aff2192548bf4c
Score 10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-