General
-
Target
JaffaCakes118_58c7535a75c46d05bf0ebbd49ccc60db99801374948bb047b27de968fffa1635
-
Size
1.3MB
-
Sample
241230-fvqewsyqgp
-
MD5
80594aecb7761ad7012652e62d66fa2c
-
SHA1
5d455530fcb1b5072dc1250bea98e6aa0bf2c38a
-
SHA256
58c7535a75c46d05bf0ebbd49ccc60db99801374948bb047b27de968fffa1635
-
SHA512
5c03bf70140ba89645346a5082c3f6a8378c794501ba21db4d850bd604123d28ca9079edc69d8e5dc71a43dd8186b701fc11149ea70e08190e7b80fd024f69df
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
JaffaCakes118_58c7535a75c46d05bf0ebbd49ccc60db99801374948bb047b27de968fffa1635.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
JaffaCakes118_58c7535a75c46d05bf0ebbd49ccc60db99801374948bb047b27de968fffa1635.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
JaffaCakes118_58c7535a75c46d05bf0ebbd49ccc60db99801374948bb047b27de968fffa1635
-
Size
1.3MB
-
MD5
80594aecb7761ad7012652e62d66fa2c
-
SHA1
5d455530fcb1b5072dc1250bea98e6aa0bf2c38a
-
SHA256
58c7535a75c46d05bf0ebbd49ccc60db99801374948bb047b27de968fffa1635
-
SHA512
5c03bf70140ba89645346a5082c3f6a8378c794501ba21db4d850bd604123d28ca9079edc69d8e5dc71a43dd8186b701fc11149ea70e08190e7b80fd024f69df
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score 10/10
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2