General
-
Target
GoogleChromeUpdate.exe
-
Size
1.5MB
-
Sample
230602-bp8l3ahf41
-
MD5
a1d05206520518a47f710e7197bbc336
-
SHA1
270ac60027ac01b78139bec3a6fe54f702c4fe96
-
SHA256
374eba5495779dc24974bb881e0c3f298861a91d88d710da4f684bf8a2a01fe6
-
SHA512
6164910de359dd7f9ad12e75c1ea170ff5fb313598da249c12888a100cd01e3888bbea25240a7924ea825147a7979b0b941e9d8916a322dbb3846c077959921a
-
SSDEEP
24576:YW3QhwWwORHtx07i/85O8q9Fx7hFsf1gj7xN9sKrogXMAGqo3K6L29ufIOT0Gj:YW3QNRH/07imOljZhFsf1s9ZkgXZkKxC
Malware Config
Targets
-
-
Target
GoogleChromeUpdate.exe
-
Size
1.5MB
-
MD5
a1d05206520518a47f710e7197bbc336
-
SHA1
270ac60027ac01b78139bec3a6fe54f702c4fe96
-
SHA256
374eba5495779dc24974bb881e0c3f298861a91d88d710da4f684bf8a2a01fe6
-
SHA512
6164910de359dd7f9ad12e75c1ea170ff5fb313598da249c12888a100cd01e3888bbea25240a7924ea825147a7979b0b941e9d8916a322dbb3846c077959921a
-
SSDEEP
24576:YW3QhwWwORHtx07i/85O8q9Fx7hFsf1gj7xN9sKrogXMAGqo3K6L29ufIOT0Gj:YW3QNRH/07imOljZhFsf1s9ZkgXZkKxC
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-