General
-
Target
91034df30d1ef00ed5f689e3d8cd041fb9a36caf97af9c430eede4c3e047567d.exe
-
Size
1.7MB
-
Sample
241230-wfwlcstrhs
-
MD5
2526937c096baa22a3af4104efd8466c
-
SHA1
7b3459bc0bef82889b96baef0d10c6f8853f5647
-
SHA256
91034df30d1ef00ed5f689e3d8cd041fb9a36caf97af9c430eede4c3e047567d
-
SHA512
2a1f7482680c435617ff0de3efb99f738c820dd336d5cc1fe6d055d0c2c41e5aa8f3b7f25b5039b0b43f7b9e081575c7e2d72d6a9573a1c6817a1506d72b4418
-
SSDEEP
24576:N3QwuLyEbVoCtPreIjNLoN/VNGeSQDx1m17zezKOkCzeJGFUJ0:NgwuuEpdDLNwVMeXDL0fdSzAGB
Behavioral task
behavioral1
Sample
91034df30d1ef00ed5f689e3d8cd041fb9a36caf97af9c430eede4c3e047567d.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
91034df30d1ef00ed5f689e3d8cd041fb9a36caf97af9c430eede4c3e047567d.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
91034df30d1ef00ed5f689e3d8cd041fb9a36caf97af9c430eede4c3e047567d.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-