General
-
Target
59435c6b2d1bd3dfd8daf2feae93cdcba6f1e3bbebe2a6012fe9e82671279573
-
Size
1.3MB
-
Sample
250324-rf3x8avkv3
-
MD5
c4c3dda932f1f288a7091eb1b6bfcc8f
-
SHA1
63216a8fc66477860834a280b812b170863af11a
-
SHA256
59435c6b2d1bd3dfd8daf2feae93cdcba6f1e3bbebe2a6012fe9e82671279573
-
SHA512
cf6ed58e0942d09663627a79464bf77eccedfa79082fe12724a2fc022edd56c2107fae25be23bc14c070354583e06335dad635974a6a2f9d74c80ec6ea35b269
-
SSDEEP
24576:mM0FvyGsOBDr8gCy5viNtXY91McnOTlRLzrwlKfPGGPwOQVC8+zJ:F0FvJzgSiNR5VzrwMfuG4OQ3+zJ
Static task
static1
Behavioral task
behavioral1
Sample
59435c6b2d1bd3dfd8daf2feae93cdcba6f1e3bbebe2a6012fe9e82671279573.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
59435c6b2d1bd3dfd8daf2feae93cdcba6f1e3bbebe2a6012fe9e82671279573.exe
Resource
win10v2004-20250314-en
Malware Config
Targets
-
-
Target
59435c6b2d1bd3dfd8daf2feae93cdcba6f1e3bbebe2a6012fe9e82671279573
-
Size
1.3MB
-
MD5
c4c3dda932f1f288a7091eb1b6bfcc8f
-
SHA1
63216a8fc66477860834a280b812b170863af11a
-
SHA256
59435c6b2d1bd3dfd8daf2feae93cdcba6f1e3bbebe2a6012fe9e82671279573
-
SHA512
cf6ed58e0942d09663627a79464bf77eccedfa79082fe12724a2fc022edd56c2107fae25be23bc14c070354583e06335dad635974a6a2f9d74c80ec6ea35b269
-
SSDEEP
24576:mM0FvyGsOBDr8gCy5viNtXY91McnOTlRLzrwlKfPGGPwOQVC8+zJ:F0FvJzgSiNR5VzrwMfuG4OQ3+zJ
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-