Extracted

• • Target

    don.dotm

  • Size

    15KB

  • MD5

    f241091ae1293c0a2ae516a374af2062

  • SHA1

    6390737f980d3e96146c7d323e135ddfd41ab260

  • SHA256

    b5033ef20a56db2c7751506e413b6ff82b861de6f83c156f9249105eaa1db596

  • SHA512

    464c8eb31a8afe0767d065d4438b85876747e238c019b2b2ffbdd9e75b57e03ecf0d7fbf72916d34dc9e5aa7a38cd1936f2ad89934a420f911612bfb45adfd00

  • SSDEEP

    384:tmtegnDrrVsC78JecdkaP6akwLWdxd8KYB3HF:qlnDrrJ8J/ytakw6Lm1F

  Score

  10^/10

  dcratinfostealerrat

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • DCRat payload

    Detects payload of DCRat, commonly dropped by NSIS installers.

    rat

  • Suspicious use of SetThreadContext

  behavioral1behavioral2