General
-
Target
8a96c9c56015a9b0d1906b474cfcce47395141545cb51b9fed84e4355af2d4bf
-
Size
1.3MB
-
Sample
221101-m9z17scbfl
-
MD5
8376205e9d62e538434495437b457c94
-
SHA1
4935b3e4052a490d23d39fab301ea67abd30b342
-
SHA256
8a96c9c56015a9b0d1906b474cfcce47395141545cb51b9fed84e4355af2d4bf
-
SHA512
ef3c9f8984dc4d4a5f9670bad53636b15e410efa7e8749ec5e01a3fa5a8a811bf73939edf2da3311144bb265de7dba290517341371ba2db0fb19f666788de971
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Targets
-
-
Target
8a96c9c56015a9b0d1906b474cfcce47395141545cb51b9fed84e4355af2d4bf
-
Size
1.3MB
-
MD5
8376205e9d62e538434495437b457c94
-
SHA1
4935b3e4052a490d23d39fab301ea67abd30b342
-
SHA256
8a96c9c56015a9b0d1906b474cfcce47395141545cb51b9fed84e4355af2d4bf
-
SHA512
ef3c9f8984dc4d4a5f9670bad53636b15e410efa7e8749ec5e01a3fa5a8a811bf73939edf2da3311144bb265de7dba290517341371ba2db0fb19f666788de971
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-