General
-
Target
a68d6879bebe56c6bce50c6739b7e99bbc28af5c75bd5d4067c91d2beeb956dc
-
Size
1.3MB
-
Sample
221031-3g2bkafbbm
-
MD5
ae6e5079a642be7c5dd9caddb3ab8b9e
-
SHA1
0ca1fc9fc150b63b046b6d0aff2a6cb59d8cfd52
-
SHA256
a68d6879bebe56c6bce50c6739b7e99bbc28af5c75bd5d4067c91d2beeb956dc
-
SHA512
028ae33e6e9537a152f38d576b901ef77aa03aeb64b6bace5d54dc18b5517747a2cff9f464e415478cb25554a87a53ecb9df97c375576d97f4d044f404c607a6
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
a68d6879bebe56c6bce50c6739b7e99bbc28af5c75bd5d4067c91d2beeb956dc.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
a68d6879bebe56c6bce50c6739b7e99bbc28af5c75bd5d4067c91d2beeb956dc
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Legitimate hosting services abused for malware hosting/C2
-