General
Target: e79948761051a1e17f02524190df4a72.bin
Size: 6.8MB
Sample: 240701-ehebesyerr
MD5: e79948761051a1e17f02524190df4a72
SHA1: de5e022a20d3042f86cc32c0094ed8c289d16af1
SHA256: e3695272fa7651aa35324249135e6ea4f10166a20fc896fbe67d9c4e3eaa28f4
SHA512: de9d9cd0caec960af644c26517ec5a726295b4f7847849092de28ecbe04ae97ac4636ce2335974dc0b6c8e1455b0192248e3abf3c8befc4ae809e14f9f7b27dc
SSDEEP: 196608:T/HMlS2JxmYcmcg7XGqb6Msq51GPfe7qfGAb:7slSDVoXGe1GrfPb
Behavioral task: behavioral1
Sample: e79948761051a1e17f02524190df4a72.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: e79948761051a1e17f02524190df4a72.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: e79948761051a1e17f02524190df4a72.bin
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.