General
-
Target
0a3346f8e23808d303382d4b64b8524f.exe
-
Size
1.6MB
-
Sample
230326-k5la5saa21
-
MD5
0a3346f8e23808d303382d4b64b8524f
-
SHA1
2fc25432b9a10c911a238800091fb786454e371e
-
SHA256
54d7bc30cd4f413106c5b57e5b29ea7ec560fccafdf08a4b8d7182715f4a3f94
-
SHA512
6ddfe6e02cabcecd0b8b55371220364990309209f5a1b0e506ddfe31f4085f5d2f4b59df199b06cb808cb233a77f9f5c10daa082570889ba26db80d0c0db5e63
-
SSDEEP
24576:lTBTsIBMNjnNNOhAe/S0o16wqw1fxocelLqd2HkPPcKbcI6Bw7Azuu0+k+51rFkP:+4lqcKsesqu0Lk9ObVS
Malware Config
Targets
-
-
Target
0a3346f8e23808d303382d4b64b8524f.exe
-
Size
1.6MB
-
MD5
0a3346f8e23808d303382d4b64b8524f
-
SHA1
2fc25432b9a10c911a238800091fb786454e371e
-
SHA256
54d7bc30cd4f413106c5b57e5b29ea7ec560fccafdf08a4b8d7182715f4a3f94
-
SHA512
6ddfe6e02cabcecd0b8b55371220364990309209f5a1b0e506ddfe31f4085f5d2f4b59df199b06cb808cb233a77f9f5c10daa082570889ba26db80d0c0db5e63
-
SSDEEP
24576:lTBTsIBMNjnNNOhAe/S0o16wqw1fxocelLqd2HkPPcKbcI6Bw7Azuu0+k+51rFkP:+4lqcKsesqu0Lk9ObVS
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-