General
-
Target
a3d62a0119881ed4e9303b16becc7ad8dfe6763d6b872487d7fc830219f83c47
-
Size
1.3MB
-
Sample
221101-s4yh3sdba5
-
MD5
bddc03b52e6e5efe1db952e967312c89
-
SHA1
86d9a85421107c80204622ce7ac370df33f34d82
-
SHA256
a3d62a0119881ed4e9303b16becc7ad8dfe6763d6b872487d7fc830219f83c47
-
SHA512
c14a23b212fdc987795fbe57d8549203b2faeefe780c9cabf1becd3af76395a1c9fc8a71acdcebcc65a8578fb079593fb53c602dbbfbf1fb3528614cd9c02a6f
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
a3d62a0119881ed4e9303b16becc7ad8dfe6763d6b872487d7fc830219f83c47.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Target
a3d62a0119881ed4e9303b16becc7ad8dfe6763d6b872487d7fc830219f83c47
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-