General
-
Target
DCRatBuild.scr.exe
-
Size
1.1MB
-
Sample
230529-cmt7bshb73
-
MD5
b7e869de46a46e65ec4decd37181dca6
-
SHA1
a5e10733b276e4d2c7aeaeb4277d6803fa89bbc8
-
SHA256
db22afccf4e8415e7a44f2b4d77ace21209dc4bcf558024ad9ae87820fed4857
-
SHA512
93649cbd0f964c3152f600d45e37cb18fc3d5b78c3c514c23ebc7e19ae8dae3b7baddfcff1d92f8e9c9b236fe9ea8a06f4fc089d8232f3b322274cb4987c623a
-
SSDEEP
24576:U2G/nvxW3Ww0tOGJO4DEsW9rJ89Zl7GdhTzZx4xy4Vg2aM:UbA30OGLDEK9eGUtg
Behavioral task
behavioral1
Sample
DCRatBuild.scr.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
DCRatBuild.scr.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
Target
DCRatBuild.scr.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-