General
-
Target
abedf09a962a9489dba07ff3b6a93e41.exe
-
Size
1.3MB
-
Sample
230202-qnx69sgf29
-
MD5
abedf09a962a9489dba07ff3b6a93e41
-
SHA1
25098fb30ee8b79bdeeee1e93eb9506b6f93832a
-
SHA256
bc657cb8e72afeb4f4d2a2f056162f0c3b8486fdfe80bc33a41d7871b35f8f4a
-
SHA512
33a334bdea2742505a200cb6af63f1239681296d9be50e6aefc0543887849d1a55e66f0336e355e5ab768fcfb79a57212aefad9218df2a18be51c4aee5f99a3e
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Targets
-
-
Target
abedf09a962a9489dba07ff3b6a93e41.exe
-
Size
1.3MB
-
MD5
abedf09a962a9489dba07ff3b6a93e41
-
SHA1
25098fb30ee8b79bdeeee1e93eb9506b6f93832a
-
SHA256
bc657cb8e72afeb4f4d2a2f056162f0c3b8486fdfe80bc33a41d7871b35f8f4a
-
SHA512
33a334bdea2742505a200cb6af63f1239681296d9be50e6aefc0543887849d1a55e66f0336e355e5ab768fcfb79a57212aefad9218df2a18be51c4aee5f99a3e
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-