General
-
Target
init.sh
-
Size
39KB
-
Sample
210507-k6gaa6hb3a
-
MD5
cbdc3a5c3a3c4bca9d4f71b2f5a285ee
-
SHA1
d7130c8513e095516e5d5a9d51f5d5c4777151b5
-
SHA256
fe0816092e006960f2261a3fa919b577aa392291bb0a11149805c651ac633909
-
SHA512
00d2df9ba288e712bfe2577d9209311d6347e1a0fcf9137938619a8cda3401bd814672f5f9a6691417a5d6c721e9f856463195b1daed164034e677697a4cd890
Static task
static1
Behavioral task
behavioral1
Sample
init.sh
Resource
ubuntu-amd64
Behavioral task
behavioral2
Sample
init.sh
Resource
debian9-mipsel
Behavioral task
behavioral3
Sample
init.sh
Resource
debian9-mipsbe
Malware Config
Targets
-
-
Target
init.sh
-
Size
39KB
-
MD5
cbdc3a5c3a3c4bca9d4f71b2f5a285ee
-
SHA1
d7130c8513e095516e5d5a9d51f5d5c4777151b5
-
SHA256
fe0816092e006960f2261a3fa919b577aa392291bb0a11149805c651ac633909
-
SHA512
00d2df9ba288e712bfe2577d9209311d6347e1a0fcf9137938619a8cda3401bd814672f5f9a6691417a5d6c721e9f856463195b1daed164034e677697a4cd890
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Deletes system logs
-
Writes file to system bin folder
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Write file to user bin folder
-
Reads CPU attributes
-
Enumerates kernel/hardware configuration
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-