General
Target: 6b0163291d7d628a956106da672d9d887708e549fb6bcfadfa60bbf25972015e
Size: 833KB
Sample: 230129-1w3rtsfh6x
MD5: 2df1a02aa24dbd24ad032ebea74c3563
SHA1: 099c1618e594b0acfdf2aab4599021bafb6ab65f
SHA256: 6b0163291d7d628a956106da672d9d887708e549fb6bcfadfa60bbf25972015e
SHA512: bca66bd11b0d7861315a69587fb9b7fe7291ae9bc90c7283b0579aad045cc7d6341de1cdfbf44c50153ead45f84d89b7b91bdfbd9be0311b90dec6c280093195
SSDEEP: 24576:6AOcZiJriaxuJP03tLLMbzyjQRNNuxGzDvtkTq:AEJ2LU0QLaGz7tkO
Static task: static1
Behavioral task: behavioral1
Sample: 6b0163291d7d628a956106da672d9d887708e549fb6bcfadfa60bbf25972015e.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 6b0163291d7d628a956106da672d9d887708e549fb6bcfadfa60bbf25972015e.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Disables Task Manager via registry modification

Executes dropped EXE

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Adds Run key to start application