Resubmissions
30-06-2024 12:39
240630-pvta8a1drr 10
General
-
Target
MEGALOADER.exe
-
Size
1.7MB
-
Sample
240630-pvta8a1drr
-
MD5
ac4c9d6cd24a44a660c69bf7b55f17b0
-
SHA1
e41107db8aad88bb26d1879db7aed31e91942644
-
SHA256
f5fb3ae5ca25c16f178ca10c99aa7b4af70dc38fd806aef46d662c6ab40aab78
-
SHA512
0b1ee2a0c3a1c73d9ce53111df250c2c36d4dcc38ac9426bede09c8eb9a274aadb671e86018073c62abd7c09726ff878ccf1001240754e9bef3948e0a2130c4f
-
SSDEEP
24576:O2G/nvxW3Wir0g0bcg1vqd25Gl35KcbOwGqq+AZbPxtDSk5/FX5vDlIXNQdSR:ObA3dogGy/3dSnEYFJvxSN
Behavioral task
behavioral1
Sample
MEGALOADER.exe
Resource
win10-20240611-en
Malware Config
Targets
Score 10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Legitimate hosting services abused for malware hosting/C2
-