General
Target: 0a6b6e2c663fbae55aa647c5299f8361637c8f1e143798c57820e99cae64516e
Size: 2.3MB
Sample: 221012-q16n6sdhfn
MD5: 11194286e4d52f44ada168f98f948cbb
SHA1: 2bd52aec3f2f2d312b216dcd4a2990a941ce0a2b
SHA256: 0a6b6e2c663fbae55aa647c5299f8361637c8f1e143798c57820e99cae64516e
SHA512: fac05c4706b1e30288d12db105465a82a7ff27cd63fe007a0d3628b617f241815acb5e0e39502ad7766e3abd2876cfdf4d3bdedc9d09ad3021f95954cd556530
SSDEEP: 49152:T9GGMmvc6PETUkDIuAaSakM8lmcNmihhi/vbpj2+kY4j7hqO7AQRP:TwGMaET30VMGmcNmih+v1vklhqO7A0
Static task: static1
Behavioral task: behavioral1
Sample: 0a6b6e2c663fbae55aa647c5299f8361637c8f1e143798c57820e99cae64516e.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 0a6b6e2c663fbae55aa647c5299f8361637c8f1e143798c57820e99cae64516e.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 0a6b6e2c663fbae55aa647c5299f8361637c8f1e143798c57820e99cae64516e
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Suspicious use of NtSetInformationThreadHideFromDebugger