General
-
Target
1b42f3c8a832b8130b60169553c013b0.exe
-
Size
1.3MB
-
Sample
230202-njvt8shh5t
-
MD5
1b42f3c8a832b8130b60169553c013b0
-
SHA1
de90d2a3cf23c243b24ec31c51e5599ff9094da0
-
SHA256
e19bb77e380f8dad4bc97f3d0577ff60297e3b6f4d4de9d00c149da1ce820045
-
SHA512
b79a3999a74ebbf9097889f978890031cce799eb7173cb1efed09798d471378383d131aed955cfe622e88149272feec95ac229adfce67219c5ccf32e85f63e65
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
1b42f3c8a832b8130b60169553c013b0.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
1b42f3c8a832b8130b60169553c013b0.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-