General
Target: 11f790ade80bc83204d10e4c7cf2f957.exe
Size: 2.6MB
Sample: 220925-akggcacec6
MD5: 11f790ade80bc83204d10e4c7cf2f957
SHA1: f59adc7146d76222816821ec5d9e11fbfc501f9e
SHA256: f7d4d0c674f3dc9ad0b2bc85b65c1cd2eea9e25d67c86790e30b0ff3452fb82a
SHA512: 9fb975c8fc25c981fdc89c72fdf81eb11a3a71a4c86231892ad9d2a53f51701d75c50c6b1da57c8a9ac669c35816d1691b4364bdfe08a23f01f8a57b1932f184
SSDEEP: 49152:+pTn80rAHkSrvT7yEBpojAGw3fo+5D0gRbfGNW8UlbSpDCP2XF:+ZpktrvTOqp2Nw3L0gRbfGI8sepeu1
Behavioral task: behavioral1
Sample: 11f790ade80bc83204d10e4c7cf2f957.exe
Resource: win7-20220812-en
Malware Config
Targets
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-