General
-
Target
2baa6f19fa7f4ef5941e92335aa2c06d.bin
-
Size
1.1MB
-
Sample
230610-bl6nasef4z
-
MD5
54fc99dc1255286bfd10b82815a80381
-
SHA1
07f08b452d691c39c5e73ba793ae9a497253a1ce
-
SHA256
672122b34c708738c0ebb1fbe3306b7aa24a4584c87172582c95bbe59ccea401
-
SHA512
4e1fed680027dde905f20481a3ee9e2b43190cc472241db00039fa67eb9edb6cd36ce2dda2c8de3db3c8914f40c1cc07caaeec4ee7dc20c27efd0cf05484dc0c
-
SSDEEP
24576:r8szuAvHgp4BOBreMYb3U2xk+o0ooePia/ZGGiFe:rXl/BOBKzbLX6Pia/hr
Malware Config
Targets
-
-
Target
2f476997ecdb5116621e72532460d7149299a6b058bee5b58501484da80d523b.exe
-
Size
1.6MB
-
MD5
2baa6f19fa7f4ef5941e92335aa2c06d
-
SHA1
68c4872eba868d9e8b640e0e76cb1a4a00331d8e
-
SHA256
2f476997ecdb5116621e72532460d7149299a6b058bee5b58501484da80d523b
-
SHA512
ee875b4c223bba5864aa1d5ca165d798625442a8ef0a35ec16dc4283ad404d7656bfeeb262ef2ebdc8d3fe954416c019a210c59e2caba6507ae89f13d12d2d27
-
SSDEEP
24576:e2G/nvxW3WXeGxRoXGkxVsAjtxWCu2RdBaYwqf36eYmMyXxRlRYSZF083SFN:ebA3V6aXGkzFaPmUzyXnlqSZE
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-