General
-
Target
9a1271b3592e05b264b394a87091f79bb7597d0a18f011be21833c662044ecbb
-
Size
1.3MB
-
Sample
221102-aknwesgba4
-
MD5
c9c1a928abbc7ce1398f28a970c84933
-
SHA1
5f92b79f4d085a5840b8612f7886c86dc7dff018
-
SHA256
9a1271b3592e05b264b394a87091f79bb7597d0a18f011be21833c662044ecbb
-
SHA512
c37881d9428b64f97e24e808c394f05f29e19334b1ad25c2ea0eb32a507a9a08791d6d8192bc951865d9247c8ae975418165932e9ceb4a0ab7638a8792f4b8e7
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Targets
-
-
Target
9a1271b3592e05b264b394a87091f79bb7597d0a18f011be21833c662044ecbb
-
Size
1.3MB
-
MD5
c9c1a928abbc7ce1398f28a970c84933
-
SHA1
5f92b79f4d085a5840b8612f7886c86dc7dff018
-
SHA256
9a1271b3592e05b264b394a87091f79bb7597d0a18f011be21833c662044ecbb
-
SHA512
c37881d9428b64f97e24e808c394f05f29e19334b1ad25c2ea0eb32a507a9a08791d6d8192bc951865d9247c8ae975418165932e9ceb4a0ab7638a8792f4b8e7
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-