General
-
Target
Roblox Game Manager.exe
-
Size
1.2MB
-
Sample
230530-kyawtsgh8z
-
MD5
0c5490df9bc38516e0caf3671cfe53b3
-
SHA1
6ed899171d1d5e3badea986eff1d8fbe39191511
-
SHA256
368f78866f6d64f9f03a7caf900fad3e21a7d2c84dbe34d6ae1dc5f8264e4077
-
SHA512
6e46bea29c4586730b8265d59d1e86aa963bedafc5f92dc42564d61a0d3fb0da7ab1cdaaf6d40a5ed2bdb976f4164da9e83054ffe6b499f10bf2c5b79d2394b9
-
SSDEEP
24576:U2hXPc/uRkQW40y/v7ySTtA17c09ngjl8ShwTwtZiNpoRNm9VMgP4Tue61bi:bcbh3AqNxShwT1xTi
Malware Config
Targets
-
-
Target
Roblox Game Manager.exe
-
Size
1.2MB
-
MD5
0c5490df9bc38516e0caf3671cfe53b3
-
SHA1
6ed899171d1d5e3badea986eff1d8fbe39191511
-
SHA256
368f78866f6d64f9f03a7caf900fad3e21a7d2c84dbe34d6ae1dc5f8264e4077
-
SHA512
6e46bea29c4586730b8265d59d1e86aa963bedafc5f92dc42564d61a0d3fb0da7ab1cdaaf6d40a5ed2bdb976f4164da9e83054ffe6b499f10bf2c5b79d2394b9
-
SSDEEP
24576:U2hXPc/uRkQW40y/v7ySTtA17c09ngjl8ShwTwtZiNpoRNm9VMgP4Tue61bi:bcbh3AqNxShwT1xTi
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Drops file in Drivers directory
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-