General
-
Target
7fe28f3a0c82bcbefc9a1459a90bb1ec75e719ea22ba247bac808e9411e03fd4
-
Size
1.1MB
-
Sample
230328-1myrhsfc2z
-
MD5
65d51781ab30cd3cf45cf872ab1393f2
-
SHA1
b535debd54056fe55231b9f040f62f0a2373278b
-
SHA256
7fe28f3a0c82bcbefc9a1459a90bb1ec75e719ea22ba247bac808e9411e03fd4
-
SHA512
354daab5682bff1890d4f240f39c1ba62edad06fc7d9cf474d02572eff6c9a6df91a2db9066b07046ddad276940c69661c9e1c61cbf11e1b6ad3a3e37a6dde20
-
SSDEEP
24576:U2G/nvxW3Ww0t1iHedPHK9earci9v5RNlI/wSuAm/Glgx:UbA30AHAPHK9eoRz8wkI
Malware Config
Targets
-
-
Target
7fe28f3a0c82bcbefc9a1459a90bb1ec75e719ea22ba247bac808e9411e03fd4
-
Size
1.1MB
-
MD5
65d51781ab30cd3cf45cf872ab1393f2
-
SHA1
b535debd54056fe55231b9f040f62f0a2373278b
-
SHA256
7fe28f3a0c82bcbefc9a1459a90bb1ec75e719ea22ba247bac808e9411e03fd4
-
SHA512
354daab5682bff1890d4f240f39c1ba62edad06fc7d9cf474d02572eff6c9a6df91a2db9066b07046ddad276940c69661c9e1c61cbf11e1b6ad3a3e37a6dde20
-
SSDEEP
24576:U2G/nvxW3Ww0t1iHedPHK9earci9v5RNlI/wSuAm/Glgx:UbA30AHAPHK9eoRz8wkI
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-