General
-
Target
e7713261b0f5c078bd49b8b96cd4fe7ad126224f4caab84f64e2c1afc05499ba
-
Size
1.3MB
-
Sample
221101-e3m43ahabm
-
MD5
26304d88a3a25a6273c85a97f3dc72eb
-
SHA1
c6969f453dc795e69298da79250a04175f6903d2
-
SHA256
e7713261b0f5c078bd49b8b96cd4fe7ad126224f4caab84f64e2c1afc05499ba
-
SHA512
85a9907ed3883d7cb8c2ee56ed3a1a235d3d6430356da93bcfc191b6db760df37fb35919c98e52a12972e6cc3f7aa9da4771e5cea3adcfc36069bfcdbc88bf4f
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Targets
-
-
Target
e7713261b0f5c078bd49b8b96cd4fe7ad126224f4caab84f64e2c1afc05499ba
-
Size
1.3MB
-
MD5
26304d88a3a25a6273c85a97f3dc72eb
-
SHA1
c6969f453dc795e69298da79250a04175f6903d2
-
SHA256
e7713261b0f5c078bd49b8b96cd4fe7ad126224f4caab84f64e2c1afc05499ba
-
SHA512
85a9907ed3883d7cb8c2ee56ed3a1a235d3d6430356da93bcfc191b6db760df37fb35919c98e52a12972e6cc3f7aa9da4771e5cea3adcfc36069bfcdbc88bf4f
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-