General
-
Target
3041f94ecddb3116d07dc174c4297b43d022b48282df8acc25dfac2ffc5b0755(DCRat).zip
-
Size
2.0MB
-
Sample
230324-w28staaf6s
-
MD5
65c73c59b9a7d0cc7365d155370477a3
-
SHA1
bc840bb02b11a108f3d3a2dd45c44a7b6c0e0f91
-
SHA256
2f0cdc7d4ba53c01c835c4f1dfd15d7bd86f96ed767a279cb9c8529b44cd4931
-
SHA512
7f249085e437b3bbc09f626fca4be72f1f029d1c73d82e26e9deb8f720ac2d8ac4a05ad009868c87d0ae5ba7d11dc9a8f66664edb36a412c5a6f7c02deecde7c
-
SSDEEP
49152:L66Ez19qIhCEQT9QSVIOrWd+83ZxyDl+YnaJxfC0C7x8QUVbwIhpU:LwXqJEuVuDbyDAKa760YuQUp4
Behavioral task
behavioral1
Sample
3041f94ecddb3116d07dc174c4297b43d022b48282df8acc25dfac2ffc5b0755.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
3041f94ecddb3116d07dc174c4297b43d022b48282df8acc25dfac2ffc5b0755.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
3041f94ecddb3116d07dc174c4297b43d022b48282df8acc25dfac2ffc5b0755.exe
-
Size
2.4MB
-
MD5
0e444044fdfea512ca18fc3396abb65b
-
SHA1
8b601ccad5b2a76967c0ca7579dc13d092307f34
-
SHA256
3041f94ecddb3116d07dc174c4297b43d022b48282df8acc25dfac2ffc5b0755
-
SHA512
7b58b88c7fbcd7b97d1a08f2145794beefa2960382140bac74f1f4fe630cdd0314cd9bceb599a32c56788df1e0e9dccf84c1598c52f9c581389327428696e119
-
SSDEEP
49152:bkcwlRFUh2b69Cs9MR3uh+tytRY1aLXYqIiiJd2EHt:bkdlRI3ceI1azYqWj
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops file in System32 directory
-