General
-
Target
Скриншот.scr
-
Size
2.0MB
-
Sample
230124-rtrr4sdf71
-
MD5
4130cc053051c6d837a67570ee0b014e
-
SHA1
0c589bfb09418dc835800d785e025866921325e0
-
SHA256
deccb4702668020e6bfc1429fe610de599a4385667e5ff2779917f49fc867ed2
-
SHA512
d18bf297ea60dc4c082a420f74302dc17306ae3ab509bc0f0c38b3691867f41563045b7faed1972efb82738d5b5f02e056574136e3de29a866e6dcde7544621d
-
SSDEEP
49152:1bA3gTuxSrTiMusYHYm07yKo4fl8ykl+jELqdFVdhhr:1biwiMs07yK1li+jwqX/hh
Malware Config
Targets
-
-
Target
Скриншот.scr
-
Size
2.0MB
-
MD5
4130cc053051c6d837a67570ee0b014e
-
SHA1
0c589bfb09418dc835800d785e025866921325e0
-
SHA256
deccb4702668020e6bfc1429fe610de599a4385667e5ff2779917f49fc867ed2
-
SHA512
d18bf297ea60dc4c082a420f74302dc17306ae3ab509bc0f0c38b3691867f41563045b7faed1972efb82738d5b5f02e056574136e3de29a866e6dcde7544621d
-
SSDEEP
49152:1bA3gTuxSrTiMusYHYm07yKo4fl8ykl+jELqdFVdhhr:1biwiMs07yK1li+jwqX/hh
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-