General
-
Target
skinchanger_csgo_13.06.2021.rar
-
Size
4.5MB
-
Sample
210618-hrj4pexwnj
-
MD5
558256c083925864f771b107d1e7d8a5
-
SHA1
ee67ab679f77bf91ea472a1e4f87cf732f132b89
-
SHA256
81a43a66264606f51011e4d78daebde1d04fa72cb6ed6993004f9a339fdb5e93
-
SHA512
b57976b69bef4c4ba975c3822eee0d33e9e9691a7e1ce563df982e69f5781e178a86a4bf7ac4f416f0b88c44b3976233a05b8f25e66d1b3dad57c4a3345b8e13
Malware Config
Targets
-
-
Target
skinchanger_csgo_13.06.2021.exe
-
Size
11.8MB
-
MD5
7deee811c461cbdca7046e8db7cfae20
-
SHA1
edde2dc49adabe238151cd66063246870083a018
-
SHA256
b5916559e5eb893a5ee47900a09e9630ef47d6d52492a15238a6748d4ecdab0d
-
SHA512
f8e382f2679b9db4733e9c622ba8dc44a086272b761430eebd983f40fae4896d539d3de6537581c1d2ffe02357ea87ca3008ca272f9d05992d5f457c93574af2
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
DCRat Payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-