General
-
Target
lastcheatX.rar
-
Size
7.7MB
-
Sample
230117-wegqtacb53
-
MD5
872b8fbd594281c5f9fd570c659afc19
-
SHA1
a097e2b51b3f8374bb16f33aa3dfae0b5cd321c9
-
SHA256
d337dfe61eae50ffa8b738c867f1c6a405c1cc911274e42b3a233fb349e74a80
-
SHA512
71ffbbb7cae92b182d1cce9f8d952d9d7cba9ee03c3beb7c05599fff76f2b49ee6a916a53fd296ba99bca87c8b89676a91853e4316d155bfdfeff904ea54ff76
-
SSDEEP
196608:NM/AubOupGXc9r8rtU+Nzz6tBB20eu5CPFUDjY71ndpHbfx:/u/WcmrPNz0o0aPRXbfx
Static task
static1
Behavioral task
behavioral1
Sample
lastcheatX.rar
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
lastcheatX.rar
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
lastcheatX.rar
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-