General
-
Target
045097683dc542562eefd5cc67de9c37.bin
-
Size
3.6MB
-
Sample
230123-q21jjsdd95
-
MD5
07bcd5a0a8b6fa987e4aa876b51aa303
-
SHA1
ebaff77d7137d0ffe83f3cb64573bb46234f3e21
-
SHA256
1720837e2df9dccbada92057c89f871545277b49b7728adbb9b33359550a36f7
-
SHA512
b45c11d9a985e8a8e120d10b37f1e0cc63743df789d0ce032cd1d1ca21ac4fdb754719a472b71de025c577b80ad563c200906c01750aea8f3b91efe2daf3def8
-
SSDEEP
98304:Ut9FVllpHxAiJWnIvwRLizA5MOqm+dr9HeNg46u69Yu6:OFnD6oZqLchtIN1gYl
Malware Config
Targets
-
-
Target
edab3efe66eada8e6784e273dd501a376c7cfe71424cc6c3333226d6873671bf.exe
-
Size
4.0MB
-
MD5
045097683dc542562eefd5cc67de9c37
-
SHA1
0d83ce266ce526c7234b4fe46f7a2845ca233499
-
SHA256
edab3efe66eada8e6784e273dd501a376c7cfe71424cc6c3333226d6873671bf
-
SHA512
e99c59fc93b8bab88e7ec71bf8adbe9c64cbdf96fbc7088803f0d4cf0b483adb245e23fae6d9ca4ac43c5cb79b33378b785ef17822bff07d6c42a099e3125512
-
SSDEEP
98304:hCeCsdoOk1Qqrx+14KBDYauafqeu3M5qOmCc8:5dnkOq4iYEauaft4gtZ
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-