General
-
Target
2fd35a47c26de70495d7abd6e8704e1d.exe
-
Size
1.4MB
-
Sample
210714-b37dbjptsj
-
MD5
2fd35a47c26de70495d7abd6e8704e1d
-
SHA1
f157f9515ba04c7532e1908b578fe37a873cda76
-
SHA256
f60133f0545df116739879fd080e0fc688aece721a4123612ebaa479c2c551e0
-
SHA512
993beeba72931cbc5084161bd11f4b759c5ee191de4920e86882624d9d66a34aa4683d522648dc40f03a46e7f6fdb015072280bb79160d0dc12e929009e4253c
Behavioral task
behavioral1
Sample
2fd35a47c26de70495d7abd6e8704e1d.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
2fd35a47c26de70495d7abd6e8704e1d.exe
Resource
win10v20210410
Malware Config
Targets
-
-
Target
2fd35a47c26de70495d7abd6e8704e1d.exe
-
Size
1.4MB
-
MD5
2fd35a47c26de70495d7abd6e8704e1d
-
SHA1
f157f9515ba04c7532e1908b578fe37a873cda76
-
SHA256
f60133f0545df116739879fd080e0fc688aece721a4123612ebaa479c2c551e0
-
SHA512
993beeba72931cbc5084161bd11f4b759c5ee191de4920e86882624d9d66a34aa4683d522648dc40f03a46e7f6fdb015072280bb79160d0dc12e929009e4253c
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-