General
-
Target
1c635c50e917e031fe5798285a270fb847b06b5aa248b3f956c7abf84af91fab
-
Size
3.3MB
-
Sample
220520-1wjc7aeda3
-
MD5
cbc2e658197bf5061a0c8fca10ebb0e3
-
SHA1
aeff21358b16e27e52241e505bc01f563d7cbd68
-
SHA256
1c635c50e917e031fe5798285a270fb847b06b5aa248b3f956c7abf84af91fab
-
SHA512
c1580bba44de40cf81b133bf6bd09e04f80e401942928b1167edf101c6d50c42de654e32134a4017d2f31f110fbdc6bb7e73f0dccca5ceb94efa00bd5d1a46b0
Static task
static1
Behavioral task
behavioral1
Sample
1c635c50e917e031fe5798285a270fb847b06b5aa248b3f956c7abf84af91fab.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1c635c50e917e031fe5798285a270fb847b06b5aa248b3f956c7abf84af91fab.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
1c635c50e917e031fe5798285a270fb847b06b5aa248b3f956c7abf84af91fab
-
Size
3.3MB
-
MD5
cbc2e658197bf5061a0c8fca10ebb0e3
-
SHA1
aeff21358b16e27e52241e505bc01f563d7cbd68
-
SHA256
1c635c50e917e031fe5798285a270fb847b06b5aa248b3f956c7abf84af91fab
-
SHA512
c1580bba44de40cf81b133bf6bd09e04f80e401942928b1167edf101c6d50c42de654e32134a4017d2f31f110fbdc6bb7e73f0dccca5ceb94efa00bd5d1a46b0
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-