General
-
Target
58f0c6da2b8f77c82690d7e39c3493e5.bin
-
Size
167KB
-
Sample
230120-mfkdnafd9v
-
MD5
7f55289ed55066499091969bbdd9d2b0
-
SHA1
5131a5658c5f570b413bf78b0ee9a962f0fc82f5
-
SHA256
67de30cc1f8c495f238859c6c687603d47c0e0ba68b53ec01e1d454ce1035193
-
SHA512
385872d092f13e9fd39f19f5d104433d95d70385b63bfe81d4b0b2dff1a6e3555771065ee5083477b3c472f2469688bd0ad2c090b90915896fa60dd15a338b66
-
SSDEEP
3072:ZQb1gK3FkIsTmoZI0I0MTUpjupeMSEjx7LTee2QvLifsPCuN2Iba4lM7uSRSho:ZiSKVkIsfZI/JTUpj+emLC7sPCCPbCuM
Malware Config
Targets
-
-
Target
d381f6edb32f269962e5ac16f8fd823052ac5e0bf0109ca2e34caf422b8d05b1.exe
-
Size
390KB
-
MD5
58f0c6da2b8f77c82690d7e39c3493e5
-
SHA1
6aac45409875bea8e14b76526d1ca70608ab21c4
-
SHA256
d381f6edb32f269962e5ac16f8fd823052ac5e0bf0109ca2e34caf422b8d05b1
-
SHA512
3db6c4fc06ef2348f183d2501e8afa900115c6ea1120a6f2d1e8755d8f07489e28555e4f1d54546cb508b5bddf549710edf9776057b2e060ed69df714ad63a1a
-
SSDEEP
6144:tqqDLOQyF9Z5WnODj/VA53IwJgCqRRfWwEK8a7qfZStZcFoib+C3YQd:QqnOxF9enODj/VY3gvbEVaFmo
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Drops file in System32 directory
-