General
-
Target
8489996627.zip
-
Size
1.1MB
-
Sample
221124-jprmjscg2t
-
MD5
99be1880a1752def4737f769a7af465c
-
SHA1
4691fd15227528836d936631ae1b392aeba217df
-
SHA256
05a3a5b64599cc2660968b37868008bb805780f0bfae9b6147879a6461d9a3fd
-
SHA512
941fa04ef8bf74b87e1a8442c661ed238811f1592b389b7101a4aecc7a46e433a71d3114acecae7b223dff989806b63621512d92e789a9cc2b92ad5343a07678
-
SSDEEP
24576:DLviPt3GrTV9RAVN20jHxV8DSddmvSyJ+aLGLw8+qwAZ:DLyhGrTV3A722V8DGySkLGLwrRAZ
Malware Config
Targets
-
-
Target
8d41d5131fac719cc11823fb57bef9ef1ea063dbb8f52b235a3948bece039d95
-
Size
1.1MB
-
MD5
b478d340a787b85e086cc951d0696cb1
-
SHA1
563d9f1b35b4898d16aff1dccd8969299f7ab8b7
-
SHA256
8d41d5131fac719cc11823fb57bef9ef1ea063dbb8f52b235a3948bece039d95
-
SHA512
93c5a3010ae7bf41ad966902aeaa32e17faa0bad3e76248e2096478af5bf169f817c6914a775efc666967a425716609099be8bf69e2900613a65791e4fcd3e09
-
SSDEEP
24576:npe9a9aC/qF5EZNo9DzDn07bPVICwUmmHcexxnn:pwa9a9F54qH075kUmmHxx1n
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-