General
-
Target
14fcd197cdb6cdb4c01ce23615c00e53.bin
-
Size
809KB
-
Sample
240630-bhgvrs1dqf
-
MD5
dc13cff63eec89de045847ee08b38a2a
-
SHA1
d9017f8b2c04fb74a1593a950f7fb66145536c31
-
SHA256
f441317d17e6b7c64e1bba5228b509142abe985bd47677a641c3e05f28886cf1
-
SHA512
dadd4e27663d393c72aa6aed900bd20fb154480b4edac7f1658620266f6093146019828399f9e31edd5ed8a5fca9ea8c1e81f7ca2e6573dbea3aef1e3ea9cd6f
-
SSDEEP
24576:9zuwfJc0AM1mnq+ZKa6HfJRQAA8JIfyc5Pm:tuKJcxu/JR+byim
Behavioral task
behavioral1
Sample
f9dc41ab7a043cf887b9737060be951dd11571c5774a8b6ca004b503c1995c72.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f9dc41ab7a043cf887b9737060be951dd11571c5774a8b6ca004b503c1995c72.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
f9dc41ab7a043cf887b9737060be951dd11571c5774a8b6ca004b503c1995c72.exe
-
Size
1.2MB
-
MD5
14fcd197cdb6cdb4c01ce23615c00e53
-
SHA1
010670457c082a750eca6d28568ed819b1f32559
-
SHA256
f9dc41ab7a043cf887b9737060be951dd11571c5774a8b6ca004b503c1995c72
-
SHA512
a170f923fbd41d78f60a3ac06fb5b04e867955c07746063a28c861ce9f74c0460ea539f0e900234bbacb02d0485e4fd8355a0a6826d64fcdd8aef5b059997c7b
-
SSDEEP
24576:RHIfa4YPdvEo074Zxgzv4AkDKiK0AtSSIb3gqAIj:FIi4noPhUi/Atbc3i
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-