General
Target: 9370a7908151a19c3fbb56983e73b67df5d7bb4eb601d734506a64d87d67c99e
Size: 1.3MB
Sample: 221101-fb5qgagbc4
MD5: 15cba7c111e92431ea054ea50f4ce639
SHA1: fcead8d2d7c4c2169f3d6436d2bb1c14594eba46
SHA256: 9370a7908151a19c3fbb56983e73b67df5d7bb4eb601d734506a64d87d67c99e
SHA512: 5fb65c81e8fa59b3e4480894ae67f649807d39f92ad0ba5e584f47c43e2d0dfcf389931a72fb2138ac940e2ea85c6f989d6bfa3140c5ab08bd94e2546759edf2
SSDEEP: 24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task: behavioral1
Sample: 9370a7908151a19c3fbb56983e73b67df5d7bb4eb601d734506a64d87d67c99e.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 9370a7908151a19c3fbb56983e73b67df5d7bb4eb601d734506a64d87d67c99e
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Executes dropped EXE

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Legitimate hosting services abused for malware hosting/C2