General
-
Target
malware.exe
-
Size
1.9MB
-
Sample
240701-a78t4sthpj
-
MD5
4825e7df93d8acb3dd236cc14c342a71
-
SHA1
5cc72cdde2d55a8c5e01ccd80cbb5743bc60ca1b
-
SHA256
c84bbfce14fdc65c6e738ce1196d40066c87e58f443e23266d3b9e542b8a583e
-
SHA512
a2e8aa90a719cdddb2f9a4fb21b43f6471cb06e0cb94bd041f26b6a4e11bd820a04c5ea832bb899a91db73d7114b046834afe788d6c03d71b1bf6697272de591
-
SSDEEP
24576:Ware5SMXhd8zlKNfn6LQrmq4Ku0a7ttoXJZ4pt+NfCgPc52L6cnPmJ9C7CnzpCrk:WvgTW0uNmJPCrjTpM5B3L/q0vlU426n
Static task
static1
Behavioral task
behavioral1
Sample
malware.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
malware.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
malware.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-