General
-
Target
9356ed2de6a7feed01f5fecb99fc74ddd0eab39eb9421c7a31f5562ada971239
-
Size
6.6MB
-
Sample
221002-s2chtsecer
-
MD5
81f2740836dbe2cafa7e671398391962
-
SHA1
03602d8af9f6d298a939fce0309117f394b8ad2e
-
SHA256
9356ed2de6a7feed01f5fecb99fc74ddd0eab39eb9421c7a31f5562ada971239
-
SHA512
34803ecb93d2acf992772be863ad9be3bac7a10fe087d013641586d4a7361d72a5ab8a15a4dc60f9b4d990c5d3b86fd3bd596f87a3be25faa7c2a5380556e15a
-
SSDEEP
196608:rVks9fzm96+85xe7PqCsXDjpf/2WliXYrHW1LHFO0fN:5d+h7PqCEJ2ciIrHWRHFO8
Malware Config
Targets
-
-
Target
9356ed2de6a7feed01f5fecb99fc74ddd0eab39eb9421c7a31f5562ada971239
-
Size
6.6MB
-
MD5
81f2740836dbe2cafa7e671398391962
-
SHA1
03602d8af9f6d298a939fce0309117f394b8ad2e
-
SHA256
9356ed2de6a7feed01f5fecb99fc74ddd0eab39eb9421c7a31f5562ada971239
-
SHA512
34803ecb93d2acf992772be863ad9be3bac7a10fe087d013641586d4a7361d72a5ab8a15a4dc60f9b4d990c5d3b86fd3bd596f87a3be25faa7c2a5380556e15a
-
SSDEEP
196608:rVks9fzm96+85xe7PqCsXDjpf/2WliXYrHW1LHFO0fN:5d+h7PqCEJ2ciIrHWRHFO8
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-