General
-
Target
FGZlVYbGGS.exe
-
Size
2.9MB
-
Sample
230130-cmvg4adf22
-
MD5
f005ea5a727f0543d559c4d430c9078b
-
SHA1
a671eac2ca2ae7eb39980f9cca0261b346246152
-
SHA256
c00b5a8c5635fbf1075f5048ee4ef28f9926f2e5d72a903e1a10cbdad1812de3
-
SHA512
ea69ebef2c24158c94713e5b9afe426c105d350163fb87b56c0c1bb684a0dcd40b5fd789b6fbdffaaa25b70bedb8690043e3bc0816fdef2f72a3681792211fc6
-
SSDEEP
49152:H4DKm+cjWnC8WLqxdGWJMcWI2TJT1Q0UN2Trsljq:YDKmzjWnC8Wikx1DUN2/Uq
Malware Config
Targets
-
-
Target
FGZlVYbGGS.exe
-
Size
2.9MB
-
MD5
f005ea5a727f0543d559c4d430c9078b
-
SHA1
a671eac2ca2ae7eb39980f9cca0261b346246152
-
SHA256
c00b5a8c5635fbf1075f5048ee4ef28f9926f2e5d72a903e1a10cbdad1812de3
-
SHA512
ea69ebef2c24158c94713e5b9afe426c105d350163fb87b56c0c1bb684a0dcd40b5fd789b6fbdffaaa25b70bedb8690043e3bc0816fdef2f72a3681792211fc6
-
SSDEEP
49152:H4DKm+cjWnC8WLqxdGWJMcWI2TJT1Q0UN2Trsljq:YDKmzjWnC8Wikx1DUN2/Uq
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
UAC bypass
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Checks whether UAC is enabled
-