General
- Target: 8fc9056ebee5adcd70c3d96e53885fcb355030869137a6f1977a463759f15d86.exe
- Size: 1.5MB
- Sample: 240630-bplgja1fjf
- MD5: 508012932c4ae48ea55fd9878cbc6fea
- SHA1: 393f567d52f89502801e26bf7d27a603b12c5f89
- SHA256: 8fc9056ebee5adcd70c3d96e53885fcb355030869137a6f1977a463759f15d86
- SHA512: 3c7f87203d818491f6d1d3c88caed2705ee5b2c369374615b4c732894184dcc61b7770818d3c5a4a6b120e594ec21e48ce5c4bcd5fb2f2d814313fb0454a3e35
- SSDEEP: 24576:u2G/nvxW3WieCVHIfa4YPdvEo074Zxgzv4AkDKiK0AtSSIb3gqAIjO:ubA3jRIi4noPhUi/Atbc3il
Behavioral task: behavioral1
- Sample: 8fc9056ebee5adcd70c3d96e53885fcb355030869137a6f1977a463759f15d86.exe
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: 8fc9056ebee5adcd70c3d96e53885fcb355030869137a6f1977a463759f15d86.exe
- Resource: win10v2004-20240611-en
Malware Config
Targets
Target
8fc9056ebee5adcd70c3d96e53885fcb355030869137a6f1977a463759f15d86.exe
Score: 10/10
- DcRat: DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL