General
-
Target
e933cf29544e0406adad6e3e93a11130f240187ece16c3edc84af3f9a27e5b5f
-
Size
1.3MB
-
Sample
230202-yg7q5aab9v
-
MD5
f33280bdae3cb4338f1df2a45fb2320e
-
SHA1
53c377cea276531bb6005b92a9c348870b04296b
-
SHA256
e933cf29544e0406adad6e3e93a11130f240187ece16c3edc84af3f9a27e5b5f
-
SHA512
2cedc5e89ab05a8331434c72277b4528d639b5ea5507f6034ad33d66b1e77111893176e3618833ef41911b8de039f41dfca321c46847b9842f5981666ae48d8b
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
e933cf29544e0406adad6e3e93a11130f240187ece16c3edc84af3f9a27e5b5f.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
Target
e933cf29544e0406adad6e3e93a11130f240187ece16c3edc84af3f9a27e5b5f
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-