General
-
Target
file.exe
-
Size
1.1MB
-
Sample
230610-az15asee9s
-
MD5
06eae25115858e2475c1bab16bae9585
-
SHA1
657cdc54121fa9baaae7cc944ed935e1eddf4ebc
-
SHA256
d9bed95674d8f25aba2b84067e0691d254c86d686a4ec42dec119a8a2b006c98
-
SHA512
2ad4ccbbf950dac84d2353b9d59e8d59415ec3f9bef1d226270ebc4f416489dc6c39b5c4725dd10316b2cbc6adc8bef3e7db8e430ed581444857db8e0d0c53d1
-
SSDEEP
12288:aRZ+IoG/n9IQxW3OBsee2X+t4RbiYS3HzuWTEv3L9aCcyYiqlbl117n1k4Rq5zs:U2G/nvxW3Ww0t03THqRaCQJThLis
Malware Config
Targets
-
-
Target
file.exe
-
Size
1.1MB
-
MD5
06eae25115858e2475c1bab16bae9585
-
SHA1
657cdc54121fa9baaae7cc944ed935e1eddf4ebc
-
SHA256
d9bed95674d8f25aba2b84067e0691d254c86d686a4ec42dec119a8a2b006c98
-
SHA512
2ad4ccbbf950dac84d2353b9d59e8d59415ec3f9bef1d226270ebc4f416489dc6c39b5c4725dd10316b2cbc6adc8bef3e7db8e430ed581444857db8e0d0c53d1
-
SSDEEP
12288:aRZ+IoG/n9IQxW3OBsee2X+t4RbiYS3HzuWTEv3L9aCcyYiqlbl117n1k4Rq5zs:U2G/nvxW3Ww0t03THqRaCQJThLis
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-