General
-
Target
9184cb951112cb813ca258c224f77a4154072766f7cb36dc83a542c874014f34
-
Size
1.3MB
-
Sample
230202-vhv7yaed5t
-
MD5
506e452b273e48457049804e61dbb54d
-
SHA1
b54a4bc1bb52de4fd066357a44e407e28262949a
-
SHA256
9184cb951112cb813ca258c224f77a4154072766f7cb36dc83a542c874014f34
-
SHA512
1699be031c6cba35c5e3c3a61fdc1d5f3b5c433b88d994c7925a6ae5d15d85c639a1e33b9e615ed6893dcd8269733ce2a550d13d331c022170e5852c1187ec48
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Targets
-
-
Target
9184cb951112cb813ca258c224f77a4154072766f7cb36dc83a542c874014f34
-
Size
1.3MB
-
MD5
506e452b273e48457049804e61dbb54d
-
SHA1
b54a4bc1bb52de4fd066357a44e407e28262949a
-
SHA256
9184cb951112cb813ca258c224f77a4154072766f7cb36dc83a542c874014f34
-
SHA512
1699be031c6cba35c5e3c3a61fdc1d5f3b5c433b88d994c7925a6ae5d15d85c639a1e33b9e615ed6893dcd8269733ce2a550d13d331c022170e5852c1187ec48
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-