General
-
Target
23726a41d7c42dfbec508e8203659e41.exe
-
Size
2.5MB
-
Sample
230321-1w72jsfc7s
-
MD5
23726a41d7c42dfbec508e8203659e41
-
SHA1
f17e7dd847cbdff1743301b15a567116e5a56cb0
-
SHA256
1fd9be727b7e58a9bb3fce45e8bd8925d471725ca2a86e102e2adb44da28e5c7
-
SHA512
80dd3c1bb73b350d78c3638a5e970430fd5fcd1a05023b089c1097ca5593e32dddcc749f96f48b5576d2441d423c5e8aa8a1a575dd5a15c2db2b748c9fd78eff
-
SSDEEP
49152:tWMazWNh42R1Wtm+DEGZHFUNxD16rtlqsC0btgzPZ+hT7cG:tWMaiNpnsJSjDAhb2zPZSIG
Malware Config
Targets
-
-
Target
23726a41d7c42dfbec508e8203659e41.exe
-
Size
2.5MB
-
MD5
23726a41d7c42dfbec508e8203659e41
-
SHA1
f17e7dd847cbdff1743301b15a567116e5a56cb0
-
SHA256
1fd9be727b7e58a9bb3fce45e8bd8925d471725ca2a86e102e2adb44da28e5c7
-
SHA512
80dd3c1bb73b350d78c3638a5e970430fd5fcd1a05023b089c1097ca5593e32dddcc749f96f48b5576d2441d423c5e8aa8a1a575dd5a15c2db2b748c9fd78eff
-
SSDEEP
49152:tWMazWNh42R1Wtm+DEGZHFUNxD16rtlqsC0btgzPZ+hT7cG:tWMaiNpnsJSjDAhb2zPZSIG
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-