General
Target: JaffaCakes118_382e91e5c06dadd0df347a115ae22243abc97d3bcf8c4b8a6bba12ca0d915f98
Size: 1.3MB
Sample: 241230-wkxdfssjhj
MD5: 537ec18eba3f6a78e397f521b408e76d
SHA1: ad912f109948b8937dfc717378098c51b4ec48ad
SHA256: 382e91e5c06dadd0df347a115ae22243abc97d3bcf8c4b8a6bba12ca0d915f98
SHA512: ece6b7b0fd2929a53fc1b3a8685fdf87f422287084c0052da7a12a46a9ae35868505b81e4bd183fe6a7191ada075ef6d676803392b8aa55ffaf46bf9f7dcbd6f
SSDEEP: 24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task: behavioral1
Sample: JaffaCakes118_382e91e5c06dadd0df347a115ae22243abc97d3bcf8c4b8a6bba12ca0d915f98.exe
Resource: win7-20240729-en

Behavioral task: behavioral2
Sample: JaffaCakes118_382e91e5c06dadd0df347a115ae22243abc97d3bcf8c4b8a6bba12ca0d915f98.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: JaffaCakes118_382e91e5c06dadd0df347a115ae22243abc97d3bcf8c4b8a6bba12ca0d915f98
Size: 1.3MB
MD5: 537ec18eba3f6a78e397f521b408e76d
SHA1: ad912f109948b8937dfc717378098c51b4ec48ad
SHA256: 382e91e5c06dadd0df347a115ae22243abc97d3bcf8c4b8a6bba12ca0d915f98
SHA512: ece6b7b0fd2929a53fc1b3a8685fdf87f422287084c0052da7a12a46a9ae35868505b81e4bd183fe6a7191ada075ef6d676803392b8aa55ffaf46bf9f7dcbd6f
SSDEEP: 24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Dcrat family

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2