General
-
Target
0e444044fdfea512ca18fc3396abb65b.bin
-
Size
2.0MB
-
Sample
230323-bc5pmsce45
-
MD5
b09be11f1e4bba7f4ab00e702b1c24cf
-
SHA1
94de5fb7ceea0f7d581c460a07f7d916c90b4d18
-
SHA256
3c1ddef41b60a5b4f1e9891232eac7e8d3727d94562b45ecab70ff6e0513f1b6
-
SHA512
f9d5e287dd5f86809f5bbc4b73600f8ba22a6c1d772951211cde582b00f0401b715dff08c0f04c2eb9ac047492fe17271032288aa4fc423c868402eafb371cb1
-
SSDEEP
49152:iYjLbwF43wpchLqhLHcu4aSl1HqqZ/70aRVKPn:FkEwpCcLHcu4aqM4/706sn
Malware Config
Targets
-
-
Target
3041f94ecddb3116d07dc174c4297b43d022b48282df8acc25dfac2ffc5b0755.exe
-
Size
2.4MB
-
MD5
0e444044fdfea512ca18fc3396abb65b
-
SHA1
8b601ccad5b2a76967c0ca7579dc13d092307f34
-
SHA256
3041f94ecddb3116d07dc174c4297b43d022b48282df8acc25dfac2ffc5b0755
-
SHA512
7b58b88c7fbcd7b97d1a08f2145794beefa2960382140bac74f1f4fe630cdd0314cd9bceb599a32c56788df1e0e9dccf84c1598c52f9c581389327428696e119
-
SSDEEP
49152:bkcwlRFUh2b69Cs9MR3uh+tytRY1aLXYqIiiJd2EHt:bkdlRI3ceI1azYqWj
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
UAC bypass
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Checks whether UAC is enabled
-