General
Target
a5002904658549011083d37676bf598446795e49c7c9b792dcfd224ca821b7ee
Size
1.3MB
Sample
221101-vnm4hseeeq
MD5
18cef38dc2757e3fd04d2f6fca90247b
SHA1
324f5e13b3a59c14707d1700c98ecc9d95ad4751
SHA256
a5002904658549011083d37676bf598446795e49c7c9b792dcfd224ca821b7ee
SHA512
736b52d9ff2f7a137a8d31862b726af5c254f14751b5b8c3f02fa9e4ce770a2c11b420e41fc1f52db2431206aad5af775531b73fb8ef862b541d96b25ac13fd0
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
a5002904658549011083d37676bf598446795e49c7c9b792dcfd224ca821b7ee.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
Target
a5002904658549011083d37676bf598446795e49c7c9b792dcfd224ca821b7ee
Score 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Executes dropped EXE

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Legitimate hosting services abused for malware hosting/C2