General
-
Target
Modrinth.exe
-
Size
6.8MB
-
Sample
240704-yn8l1aybrh
-
MD5
21cad48edbc93da2d1e1ab6f6632461a
-
SHA1
667a584eae5a57937d66d64249c26c8b1b2abf8f
-
SHA256
32619382ab72416dff258bff30a8b505d6e69e818345612892a121c28f3b23b0
-
SHA512
9125263a9b31336d350e19f9c79460038f7a6c48db109001e93fd8d7e8aba30c3bf44a362c4f3ee87294d3cf9052cbc8d7da518d34356212cb6f914a9990a21d
-
SSDEEP
196608:UQKQUc/HMlS2JxmYcmcg7XGqb6Msq51GPo:XKwslSDVoXGe1GQ
Behavioral task
behavioral1
Sample
Modrinth.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Modrinth.exe
Resource
win10v2004-20240704-en
Malware Config
Targets
-
-
Target
Modrinth.exe
-
Size
6.8MB
-
MD5
21cad48edbc93da2d1e1ab6f6632461a
-
SHA1
667a584eae5a57937d66d64249c26c8b1b2abf8f
-
SHA256
32619382ab72416dff258bff30a8b505d6e69e818345612892a121c28f3b23b0
-
SHA512
9125263a9b31336d350e19f9c79460038f7a6c48db109001e93fd8d7e8aba30c3bf44a362c4f3ee87294d3cf9052cbc8d7da518d34356212cb6f914a9990a21d
-
SSDEEP
196608:UQKQUc/HMlS2JxmYcmcg7XGqb6Msq51GPo:XKwslSDVoXGe1GQ
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-