General
-
Target
laburo.doc
-
Size
525KB
-
Sample
220802-v793dsafem
-
MD5
9e5e0266ab23b4cbc05272e0376866f7
-
SHA1
b8e7bf8f15fa371fefa5d84e42c5cf3929ca3df6
-
SHA256
7a40a331fa7a62c03e2560207db1e63a2fa30f99d5feb55d4af98508e35bc7f1
-
SHA512
db7feb0d1f5c33c88eae27679c461ea662c008a3a6629f5deed36e391c84ddc3852bf4f9d708caf21bbfb94914e77aa4c80c0d457ac602af2168905c886f9118
Malware Config
Targets
-
-
Target
laburo.doc
-
Size
525KB
-
MD5
9e5e0266ab23b4cbc05272e0376866f7
-
SHA1
b8e7bf8f15fa371fefa5d84e42c5cf3929ca3df6
-
SHA256
7a40a331fa7a62c03e2560207db1e63a2fa30f99d5feb55d4af98508e35bc7f1
-
SHA512
db7feb0d1f5c33c88eae27679c461ea662c008a3a6629f5deed36e391c84ddc3852bf4f9d708caf21bbfb94914e77aa4c80c0d457ac602af2168905c886f9118
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory
-