General
Target: acabb7c4bd038dd75dbebaf4a0ad4cc0332dba080394d485f4071c31f8f1469a
Size: 1.3MB
Sample: 221102-psgjmsbha2
MD5: 408a1bd349271d1acf8b3a1b6d072c72
SHA1: 4a22af6864e17264779f572f7c2ce635cdd7f672
SHA256: acabb7c4bd038dd75dbebaf4a0ad4cc0332dba080394d485f4071c31f8f1469a
SHA512: 7a511d50fe37a5c0edd30edf46e50e7466dc3f24679ed903661c7b1b5791eb676477e76b77f102307bea6eb9b17981cc10cbbc54dee708ca680164d18737b299
SSDEEP: 24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task: behavioral1
Sample: acabb7c4bd038dd75dbebaf4a0ad4cc0332dba080394d485f4071c31f8f1469a.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: acabb7c4bd038dd75dbebaf4a0ad4cc0332dba080394d485f4071c31f8f1469a
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Executes dropped EXE

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Legitimate hosting services abused for malware hosting/C2