General
-
Target
80e01a5247779b35eaf556f8c4d3627146e27be61d79a8e840be116a1de546f3.zip
-
Size
1.0MB
-
Sample
230321-rx9gbsbb38
-
MD5
eed7df1cdba95147e39d6a2074003539
-
SHA1
ce28d644e98fc1297b545151452459c57f710f1e
-
SHA256
747181eb459e73296a0a81eab34145111c29a6c2a3b5aa790bd9a4ec8137fa45
-
SHA512
b774a8efe6552f27374aad33ca38f13d6062adc6e9e37726e0bbc3f729ec13f942b51920546505e5e678d046007be1d2b4ac2398b689c18d71862963f706bf98
-
SSDEEP
24576:fk/iRY7TxGIQUNhUzGa9Ki6YiHiEPvbLczt5e2bUf50QUrW2:y79GI3wG0K1QEPTAB5rUh05q2
Malware Config
Targets
-
-
Target
80e01a5247779b35eaf556f8c4d3627146e27be61d79a8e840be116a1de546f3.exe
-
Size
1.6MB
-
MD5
48b1cbb653ce28bed7653c6c574a2c37
-
SHA1
3482df3cacbe456fb1ee742d0c5eb85b39edea5c
-
SHA256
80e01a5247779b35eaf556f8c4d3627146e27be61d79a8e840be116a1de546f3
-
SHA512
32a4cb5a1645340e23302a9beef5be5596275683d54bc149ef3f6cd15dc94f6b34244e40c647cb822458792211f4dd3022529da891ee3f14ec94a5ae159a10ca
-
SSDEEP
24576:U2G/nvxW3Ww0tGzIvDUJbsjkoe1u0TXn8aNh6nOOnc3nxbmS8ir:UbA30G+DmwjkZuelCn3nch6S8O
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-