General
-
Target
09cacacf6eef86e62b26d5d1ca217c8e.bin
-
Size
2.1MB
-
Sample
230323-bcyakaed8y
-
MD5
ed01d7c25663d28171f6c3b4793cdfcc
-
SHA1
93a5b3603b47a54554fa6a909f86781310f0026d
-
SHA256
2318153f6af14c4c99e8c0c106c4d5d28667a904bb1a6547a00f78ef03f3fab8
-
SHA512
a136c01cfd38227d41696182e48241e03d1f0cb0a4db9f3586d26ed67caa41d71f860020f1d0616b82e29009b30b5f358dd55c352ad6547f52372ba7ba9a2c3b
-
SSDEEP
49152:3OJP3Lb/uebe+JNfoanLEBEbts4/2ViYeofB:etZCEWButBb8fB
Malware Config
Targets
-
-
Target
abee8542dc156b695a019d34a7bf3734d2e63b648e4affb3209b151ab0f8e6ac.exe
-
Size
2.6MB
-
MD5
09cacacf6eef86e62b26d5d1ca217c8e
-
SHA1
21520171163005980651861cea13fc6edc82d2da
-
SHA256
abee8542dc156b695a019d34a7bf3734d2e63b648e4affb3209b151ab0f8e6ac
-
SHA512
fc90917fa408769cef02c977ff4a0f30a6b14e0fe0731a7ccd573c63da9523e48d58914c5a26b4f5d3d8faee47ea3d32ccbf5e462e802dd7b3cc23e6ad6fd4c6
-
SSDEEP
49152:ubA3jlSSI+tkWr2mvKSq32s+FBf4HrypMFQtwfRKSSutCn0:ubcSbWr2mLHyC8LSut1
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-