General
-
Target
2e551d21c660eef64ca8925833e6e5dd9ebf49a5dd2368d208cfc4b7d144c5ad
-
Size
1.3MB
-
Sample
221102-fm8lhaabem
-
MD5
81b26ee5abcca61b51320fda976d8ca1
-
SHA1
883da2683040d50a2f0070fa2e1b75738f8df4cb
-
SHA256
2e551d21c660eef64ca8925833e6e5dd9ebf49a5dd2368d208cfc4b7d144c5ad
-
SHA512
d7bf5c8cbb90a91deb58dc9c0e4124a6992dba8d113afb900724d92c2515e514c896826897706108ebff24e0dffc52546b6d50bdbde4390d043e669d79a48529
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
2e551d21c660eef64ca8925833e6e5dd9ebf49a5dd2368d208cfc4b7d144c5ad.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
2e551d21c660eef64ca8925833e6e5dd9ebf49a5dd2368d208cfc4b7d144c5ad
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Legitimate hosting services abused for malware hosting/C2
-