General
-
Target
0bcc3265d6d56e45dab526559699b422.bin
-
Size
2.3MB
-
Sample
230123-q9hnpsfa71
-
MD5
cecd6b06df116484e558845177ff50d9
-
SHA1
ca3c14e4eb52064da6466d0d112e48100b31465b
-
SHA256
01e29f940622ea5058fe8d7ce27d65dad6b03375e933aae9332cb0794f157182
-
SHA512
abc9392f3467f2b5c79065f5a5a72f6f67f6cd9ebfc72146e8440b0d9b0fe8cbf099deccbefea6b686294e876798631099944f8a2d85af758c524b5c745d1653
-
SSDEEP
49152:qYERcj89IfI7rI9Yv/xg/Zp+wpI13HBo8reF+mfFGULrCzxu:qYm427P1v/ir+Wo3v6F+mQIr6xu
Malware Config
Targets
-
-
Target
a94aca257665bcea149485ab8facd158b5aa6d7c0885b68b56d1a97293dc663e.exe
-
Size
2.9MB
-
MD5
0bcc3265d6d56e45dab526559699b422
-
SHA1
7d39ccb90dd9bbfed5821fc0f99412c35a0042c0
-
SHA256
a94aca257665bcea149485ab8facd158b5aa6d7c0885b68b56d1a97293dc663e
-
SHA512
9c9eaaf4bacb3db059b60807647c6aedfd3f00953ab29c35a13780df506774d4b04b678c6f6c7c3ae4ed5f8e07db0be48e76eff23b1c6a26454be55a47fa7bd9
-
SSDEEP
49152:UbA30uDZpwmT1XvIwCsVM69SorvgQM/Fngf2z5op/SyPfvxgN+B3Ah8:UbatphI3sVBdrvgj/Fgf2z5op/dPnxq+
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
UAC bypass
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks whether UAC is enabled
-