General
-
Target
0d456935336793c4859f32bc6585cbb8.exe
-
Size
3.5MB
-
Sample
230328-xpr5zaec9s
-
MD5
0d456935336793c4859f32bc6585cbb8
-
SHA1
69ca4027c5dda06ad464dd2e909f194f3e06aee0
-
SHA256
be15d47389920ab9637eefc24bbf6c191607013a3d2608c1243a377aacb5d4ce
-
SHA512
8117361f458afa5efb720e8f5d6bb383ee76bd4d82bf0a0674210a1a95ff83ea9ac4879572191a13a16d1cb209162ceaa26d73902ee35525f60be2a87c1ecc78
-
SSDEEP
98304:hdqEZbbOsOPNTbMEEp4gGNuFG2DPV+McRRJGRR5IB:nZeszp43PyqJu5I
Malware Config
Targets
-
-
Target
0d456935336793c4859f32bc6585cbb8.exe
-
Size
3.5MB
-
MD5
0d456935336793c4859f32bc6585cbb8
-
SHA1
69ca4027c5dda06ad464dd2e909f194f3e06aee0
-
SHA256
be15d47389920ab9637eefc24bbf6c191607013a3d2608c1243a377aacb5d4ce
-
SHA512
8117361f458afa5efb720e8f5d6bb383ee76bd4d82bf0a0674210a1a95ff83ea9ac4879572191a13a16d1cb209162ceaa26d73902ee35525f60be2a87c1ecc78
-
SSDEEP
98304:hdqEZbbOsOPNTbMEEp4gGNuFG2DPV+McRRJGRR5IB:nZeszp43PyqJu5I
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
UAC bypass
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks whether UAC is enabled
-