General
-
Target
5f8c9693df7c4cd7a96790a86f3728b3f572084b2e52bf93c6f9f1e2ff438a95.zip
-
Size
170KB
-
Sample
230321-rx8j2abb35
-
MD5
d05ccd919987e63b5e334e5fa28a4dc3
-
SHA1
4790fe2864a117a8b48e118c1a120d70dcd292ba
-
SHA256
3a9470103bc418e35d2d2a6dd529a6ed86efdbb5b9cf9829470e0c34dc83745c
-
SHA512
2bcd660f101a11770b07d1a968372f759149ec46ccde76174ca7ac8ec8303708715477a65259e9fc09ec158c495df384ec20a9b5d6cbf56dfa3e87e00b9444c2
-
SSDEEP
3072:eXU6EtMR4bGxYF5Gyh4U9EzLi0um8oFAQDgeov0Vjb72gApoavd+bR:eWBGxYF5Gyh4NzLixRnQ0eovQbdApo22
Behavioral task
behavioral1
Sample
5f8c9693df7c4cd7a96790a86f3728b3f572084b2e52bf93c6f9f1e2ff438a95.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
5f8c9693df7c4cd7a96790a86f3728b3f572084b2e52bf93c6f9f1e2ff438a95.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
5f8c9693df7c4cd7a96790a86f3728b3f572084b2e52bf93c6f9f1e2ff438a95.exe
-
Size
382KB
-
MD5
aacf5c0709892fb2b34a58f13a509a72
-
SHA1
5d96eee503b2e50f32ead6f0a2c9d53d1a8629e2
-
SHA256
5f8c9693df7c4cd7a96790a86f3728b3f572084b2e52bf93c6f9f1e2ff438a95
-
SHA512
bf707ec37d4151e8c6790c365635a6c577a8f19cbe81eaa7c8b4100f4def6a2a177796700f2ffc7317b306e52004ccb4aff1eba8457448235a06c8947cd806c7
-
SSDEEP
6144:aZOyN3U5qAkANOhVTu0chaE4OJ5rBM/vt9APsOYrDSIbd7C53WTvL1wCqy:aZNE5hAhVnE48S/vt92YDSE7xLx
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-