General
-
Target
2F476997ECDB5116621E72532460D7149299A6B058BEE.exe
-
Size
1.6MB
-
Sample
230608-s7vllahc6v
-
MD5
2baa6f19fa7f4ef5941e92335aa2c06d
-
SHA1
68c4872eba868d9e8b640e0e76cb1a4a00331d8e
-
SHA256
2f476997ecdb5116621e72532460d7149299a6b058bee5b58501484da80d523b
-
SHA512
ee875b4c223bba5864aa1d5ca165d798625442a8ef0a35ec16dc4283ad404d7656bfeeb262ef2ebdc8d3fe954416c019a210c59e2caba6507ae89f13d12d2d27
-
SSDEEP
24576:e2G/nvxW3WXeGxRoXGkxVsAjtxWCu2RdBaYwqf36eYmMyXxRlRYSZF083SFN:ebA3V6aXGkzFaPmUzyXnlqSZE
Malware Config
Targets
-
-
Target
2F476997ECDB5116621E72532460D7149299A6B058BEE.exe
-
Size
1.6MB
-
MD5
2baa6f19fa7f4ef5941e92335aa2c06d
-
SHA1
68c4872eba868d9e8b640e0e76cb1a4a00331d8e
-
SHA256
2f476997ecdb5116621e72532460d7149299a6b058bee5b58501484da80d523b
-
SHA512
ee875b4c223bba5864aa1d5ca165d798625442a8ef0a35ec16dc4283ad404d7656bfeeb262ef2ebdc8d3fe954416c019a210c59e2caba6507ae89f13d12d2d27
-
SSDEEP
24576:e2G/nvxW3WXeGxRoXGkxVsAjtxWCu2RdBaYwqf36eYmMyXxRlRYSZF083SFN:ebA3V6aXGkzFaPmUzyXnlqSZE
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-