General
-
Target
9d2016e30d67e2799238d224adc48f6e406218c7cc9acf1c8027f3647e08c98d
-
Size
957KB
-
Sample
230530-hl3d7sgb51
-
MD5
e7f043a52ed8bbd9dd37bec764801f7e
-
SHA1
2e4da011155916140fea8839a7bb200192ba00f8
-
SHA256
9d2016e30d67e2799238d224adc48f6e406218c7cc9acf1c8027f3647e08c98d
-
SHA512
da691a958feee41f5f94bdf12730537d43829859073660a841605cc9b1c802f4af2170a3a747145a0a39b334c0cc83cfd9bedc0167e03000733a98306b4ea511
-
SSDEEP
12288:8JIEiAgn+N/41kouu98maZAkesjEOsjO5SWA79l7LFrhME0X7vJGU:5fBnyouMQJ3jpzYWM3DSTV
Malware Config
Targets
-
-
Target
9d2016e30d67e2799238d224adc48f6e406218c7cc9acf1c8027f3647e08c98d
-
Size
957KB
-
MD5
e7f043a52ed8bbd9dd37bec764801f7e
-
SHA1
2e4da011155916140fea8839a7bb200192ba00f8
-
SHA256
9d2016e30d67e2799238d224adc48f6e406218c7cc9acf1c8027f3647e08c98d
-
SHA512
da691a958feee41f5f94bdf12730537d43829859073660a841605cc9b1c802f4af2170a3a747145a0a39b334c0cc83cfd9bedc0167e03000733a98306b4ea511
-
SSDEEP
12288:8JIEiAgn+N/41kouu98maZAkesjEOsjO5SWA79l7LFrhME0X7vJGU:5fBnyouMQJ3jpzYWM3DSTV
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-