General
-
Target
0b0ec65382f89a78a0fe6e8806692b3c.exe
-
Size
1.4MB
-
Sample
230111-fnjnrsec8y
-
MD5
0b0ec65382f89a78a0fe6e8806692b3c
-
SHA1
c53d487fe509f97d8f25565afa6b93a7ddc5a32d
-
SHA256
025f59dd06ad2bd27f44923788303977c9c35274632bd4a0068a4d2d01faec5f
-
SHA512
7672df5a954cc1be0d507d9e87af0301d70f031ce083b0bb145ba5f45b4de3c5478c27b8f34e8c304e556728e81389c5cde30242f2bb40b3eff7ddbadb0c9c92
-
SSDEEP
24576:DnTvNh6VDOAxsd05hhdshr0SafxxyiDSvGzNlZhlUmbhL:DLNh6ViAxsqr6r0hfqY/lb2
Malware Config
Targets
-
-
Target
0b0ec65382f89a78a0fe6e8806692b3c.exe
-
Size
1.4MB
-
MD5
0b0ec65382f89a78a0fe6e8806692b3c
-
SHA1
c53d487fe509f97d8f25565afa6b93a7ddc5a32d
-
SHA256
025f59dd06ad2bd27f44923788303977c9c35274632bd4a0068a4d2d01faec5f
-
SHA512
7672df5a954cc1be0d507d9e87af0301d70f031ce083b0bb145ba5f45b4de3c5478c27b8f34e8c304e556728e81389c5cde30242f2bb40b3eff7ddbadb0c9c92
-
SSDEEP
24576:DnTvNh6VDOAxsd05hhdshr0SafxxyiDSvGzNlZhlUmbhL:DLNh6ViAxsqr6r0hfqY/lb2
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-