General
-
Target
6bfbf792786f767bc33a9dc54d7b0201.bin.exe
-
Size
1.2MB
-
Sample
230608-c61hfsbf21
-
MD5
6bfbf792786f767bc33a9dc54d7b0201
-
SHA1
672dc2b722a925f1a114adaac97c53929eed1c70
-
SHA256
949c549fbf47f559d9e0aa2cb247c955a1d9f35d8b7e4bcb675bd8697b081fe2
-
SHA512
5fb36290315a72fe28efc2c8cb8f0c97f82419ee4f369b15059a1777f599b477161d388c3769be9bf8032b8a87282b61477c5543bfd641d4d84af196c70e488f
-
SSDEEP
12288:tFsdeqmxHyByzDaTzcykayUbdxXb3jr9vm1s+Wl9XDTJ48BIwr+:t+e7H9zu/cykatbDrX9um+6PNB
Malware Config
Targets
-
-
Target
6bfbf792786f767bc33a9dc54d7b0201.bin.exe
-
Size
1.2MB
-
MD5
6bfbf792786f767bc33a9dc54d7b0201
-
SHA1
672dc2b722a925f1a114adaac97c53929eed1c70
-
SHA256
949c549fbf47f559d9e0aa2cb247c955a1d9f35d8b7e4bcb675bd8697b081fe2
-
SHA512
5fb36290315a72fe28efc2c8cb8f0c97f82419ee4f369b15059a1777f599b477161d388c3769be9bf8032b8a87282b61477c5543bfd641d4d84af196c70e488f
-
SSDEEP
12288:tFsdeqmxHyByzDaTzcykayUbdxXb3jr9vm1s+Wl9XDTJ48BIwr+:t+e7H9zu/cykatbDrX9um+6PNB
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-