General
-
Target
10475701504.zip
-
Size
850KB
-
Sample
230522-zhn6vace82
-
MD5
327d191ceacd013993762c57cf1e0993
-
SHA1
fd636fc0c379480ee54b48ecb3fb980da97faa74
-
SHA256
ddae07501030167a802a45fecbf0859bf83d78d9e80d1317de3a48a211e24eff
-
SHA512
752f5e4bbb2a4b111f3bd5d6cade0d0be4b54efb73a953fe3badc7087a32d77073b7f752f0f4c888ddd7bca0ee20e84e8abbd6acbf1af42884d92557a0a8f732
-
SSDEEP
24576:QvPF3YqJ++K+F5HVNeKJr+Tz/Qs0QYcbESh2et2:Q1l++fTr+3/QpcYw2Q2
Malware Config
Targets
-
-
Target
4caa0dfed056d553df2009510b4bbacbc47c7a09c89b90393b2712343531b7dc
-
Size
1.2MB
-
MD5
21d0976afd994778c45be2b325279334
-
SHA1
6866747e55986825d3c01d616a3e7cd9c41d079f
-
SHA256
4caa0dfed056d553df2009510b4bbacbc47c7a09c89b90393b2712343531b7dc
-
SHA512
0321b8d3bcc7b101064b10cbb7178d1b6a744ea50c5635e661d78417676e190d2c82bc69817c0cf8c03e286cd5e81d8c61cf258b590b8f85fb805c5bd8418d2b
-
SSDEEP
24576:GQzAesi8Ux2V5L91NnIcQtBNDRgyz0D/0/3b/M:GQ8e5kVJ9nIxWyz7vr
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-