General
-
Target
495384b217ec6d09dc67abbce357e82813d6194741988a93030181309f5b5707.exe
-
Size
827KB
-
Sample
241230-tyjy6sskhs
-
MD5
8dd4d6bc11e00b92762a60413bff8ccb
-
SHA1
b7e060163ea51cabb60aa11bbd1ec5cfb856a933
-
SHA256
495384b217ec6d09dc67abbce357e82813d6194741988a93030181309f5b5707
-
SHA512
6bb31fbe4e5d8f13b4f243257b5f1fdb21de2526deba4081d1de1e43f0d3b37a21bc00390db6ecce19456d34db9bde01af5867e74433648c85482d3ef7c50a97
-
SSDEEP
24576:8mkzClvITluS4gHdPvqh0utgaHDS+6nf/Z:8/aIT2gtzYgajSf
Behavioral task
behavioral1
Sample
495384b217ec6d09dc67abbce357e82813d6194741988a93030181309f5b5707.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
495384b217ec6d09dc67abbce357e82813d6194741988a93030181309f5b5707.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
495384b217ec6d09dc67abbce357e82813d6194741988a93030181309f5b5707.exe
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-