General
-
Target
85e6a921f859702996dd221dab906b2441d6ecb263d402b113ef786efa7d2c79
-
Size
1.3MB
-
Sample
230202-nxdswaga56
-
MD5
c32e3208096e936d47197c7d06dbef66
-
SHA1
241bd81863c03a43114bdcf5bc45ea4ff888b0be
-
SHA256
85e6a921f859702996dd221dab906b2441d6ecb263d402b113ef786efa7d2c79
-
SHA512
7494f14ed79c556914897c280522fd5dfa97ade8c8c7aeb048ddbb63a78261006224f01bddab6bb42f7745525d9ae936a13be5c168f354df78a617eeda00b541
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Targets
-
-
Target
85e6a921f859702996dd221dab906b2441d6ecb263d402b113ef786efa7d2c79
-
Size
1.3MB
-
MD5
c32e3208096e936d47197c7d06dbef66
-
SHA1
241bd81863c03a43114bdcf5bc45ea4ff888b0be
-
SHA256
85e6a921f859702996dd221dab906b2441d6ecb263d402b113ef786efa7d2c79
-
SHA512
7494f14ed79c556914897c280522fd5dfa97ade8c8c7aeb048ddbb63a78261006224f01bddab6bb42f7745525d9ae936a13be5c168f354df78a617eeda00b541
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-