General
Target: Rouzzzey.7z
Size: 17.1MB
Sample: 210421-67ta5keqaa
MD5: ad251dc50433cd8de777ff5cd9fcfd0c
SHA1: badaca6896ac49d890ad3d2b9a7a2887d3f74591
SHA256: 1c727f37816d073ee277ef1fd45a449ba5b877a3f96add64bb052d50b69de81d
SHA512: 413cf9c661d4179455e8379b8ff42fe195ff98f703916151579fa304f076b83abb28296a6f5adc9bdf92607e60c4541a1c6edcbc6d96e50e7cbd245b71f463c1
Static task: static1
Behavioral task: behavioral1, Sample: dashdV.exe, Resource: win10v20210410
Behavioral task: behavioral2, Sample: dashdV.exe, Resource: win10v20210408
Behavioral task: behavioral3, Sample: dashdV.exe, Resource: win10v20210410
Behavioral task: behavioral4, Sample: dashdV.exe, Resource: win10v20210410
Behavioral task: behavioral5, Sample: dashdV.exe, Resource: win7v20210410
Malware Config
Targets
Target: dashdV.exe
Size: 17.1MB
MD5: 765f570a565d578f2ace3ccb41cef038
SHA1: 89b44e3aa8f3c93f80ae29f7a36a9486b080229d
SHA256: 0d7c515d3483b45d5725717070e8497435c39b3450af59194b2a32a33c2867e8
SHA512: 941862a1d09e70725f9826b05dc8a8c7442add91229f39ac7ea9d4e6b8d0f751d749ac6b6ac2202290122945e14bab06516680a7007598af7cca62ac1b465898
Score: 10/10
- DcRat
  DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
- Modifies WinLogon for persistence
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory