General
Target: 7b525a28909d97e57d16d09c1822b67ba00337765ed77af6f1dd1e96d4afb941
Size: 2.2MB
Sample: 220520-2rfxyaahbr
MD5: 7666f4f50e25b9c8af50a605b2292170
SHA1: adef3e910f165eb6071767c7b40fd7cf22452cbd
SHA256: 7b525a28909d97e57d16d09c1822b67ba00337765ed77af6f1dd1e96d4afb941
SHA512: 6b433ffa42d30003fda168a4754dc4aabeef8309a308625816909d52587148650acb05b5ad73251113d4539f09aa2d015213623ace63aa020cd2841d93ebb988
Static task: static1
Behavioral task: behavioral1
  Sample: 7b525a28909d97e57d16d09c1822b67ba00337765ed77af6f1dd1e96d4afb941.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 7b525a28909d97e57d16d09c1822b67ba00337765ed77af6f1dd1e96d4afb941.exe
  Resource: win10v2004-20220414-en
Malware Config
Targets
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

suricata: ET MALWARE DCRat Initial CnC Activity

Disables Task Manager via registry modification

Executes dropped EXE

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Drops startup file

Loads dropped DLL