General
-
Target
3fa849944b3a8a21b20331abdfcf776cf875ba4329ee13e61bb5806c5368fa3d
-
Size
1.3MB
-
Sample
230202-tqepgsbc4x
-
MD5
bd6a25de7d325676506aba635b0f5068
-
SHA1
ef6afe7b5245fd0e8e8bc5bb7849de454a7779ef
-
SHA256
3fa849944b3a8a21b20331abdfcf776cf875ba4329ee13e61bb5806c5368fa3d
-
SHA512
1644e6f52592742270b39a56891a0ec62eb597e2577d93377a4428b378d01aade1e16ca7bfc18c7d5299675dd3ce0142cf47d2f89ac19c92a0fe9a36f6b5d84f
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Targets
-
-
Target
3fa849944b3a8a21b20331abdfcf776cf875ba4329ee13e61bb5806c5368fa3d
-
Size
1.3MB
-
MD5
bd6a25de7d325676506aba635b0f5068
-
SHA1
ef6afe7b5245fd0e8e8bc5bb7849de454a7779ef
-
SHA256
3fa849944b3a8a21b20331abdfcf776cf875ba4329ee13e61bb5806c5368fa3d
-
SHA512
1644e6f52592742270b39a56891a0ec62eb597e2577d93377a4428b378d01aade1e16ca7bfc18c7d5299675dd3ce0142cf47d2f89ac19c92a0fe9a36f6b5d84f
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-