General
Target: 2891ed67cda3644765fd94fce012ff41aa4e32fc4c2857e63648803884d76c6f.exe
Size: 1.2MB
Sample: 240630-bf4azsvckr
MD5: 4de89d32568fd0f9669aeb674d72f61f
SHA1: 6b8da15ab4ac7cb4d1e8acb9b04c8831994352cb
SHA256: 2891ed67cda3644765fd94fce012ff41aa4e32fc4c2857e63648803884d76c6f
SHA512: 392befbddd039a82d6da643f8cfc4164bdf22c43ba3685d102be6dc3565f868e7190f6abc1d9dbf3b63d5523d497697b1e84b30523a41ccf86de3db3d8b17664
SSDEEP: 24576:3bBJV+TppUZ1xPUglkrp4MRf/DjD83jHQ10nRT:rlU8Pwu8nojHM0nR
Behavioral task: behavioral1
Sample: 2891ed67cda3644765fd94fce012ff41aa4e32fc4c2857e63648803884d76c6f.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 2891ed67cda3644765fd94fce012ff41aa4e32fc4c2857e63648803884d76c6f.exe
Resource: win10v2004-20240611-en
Malware Config
Targets
Target: 2891ed67cda3644765fd94fce012ff41aa4e32fc4c2857e63648803884d76c6f.exe
Score: 10/10
DcRat: DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Drops file in System32 directory