General
-
Target
bdf85a0d4de087264aa6fd089375adda.exe
-
Size
1.3MB
-
Sample
230111-a1sjjsab26
-
MD5
bdf85a0d4de087264aa6fd089375adda
-
SHA1
c1e0b04c84419d3364148835d67ba9bf98c55b7c
-
SHA256
7235f8a24a197b99d55e124472f7689509057074e00efe0a3ed18feb26b3a88c
-
SHA512
22ff8d54b814e0412acbc5ac5a44af1088ee558460cf8effd148860543b37c0daf1cda8d45b202a49fe00946d8e8e40b403163079452e0968a89c62f1735df80
-
SSDEEP
24576:/2G/nvxW3WF36YW5Mna4CGWoyJmZ+3uBWMjDhN:/bA3pYsM4GmDMDb
Malware Config
Targets
-
-
Target
bdf85a0d4de087264aa6fd089375adda.exe
-
Size
1.3MB
-
MD5
bdf85a0d4de087264aa6fd089375adda
-
SHA1
c1e0b04c84419d3364148835d67ba9bf98c55b7c
-
SHA256
7235f8a24a197b99d55e124472f7689509057074e00efe0a3ed18feb26b3a88c
-
SHA512
22ff8d54b814e0412acbc5ac5a44af1088ee558460cf8effd148860543b37c0daf1cda8d45b202a49fe00946d8e8e40b403163079452e0968a89c62f1735df80
-
SSDEEP
24576:/2G/nvxW3WF36YW5Mna4CGWoyJmZ+3uBWMjDhN:/bA3pYsM4GmDMDb
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-