General
-
Target
bb1ef2ca98ae809bf836c6f1767cc426.exe
-
Size
827KB
-
Sample
230611-z4frlaab33
-
MD5
bb1ef2ca98ae809bf836c6f1767cc426
-
SHA1
3ec5f3acbf39a52ae978cfe6d440090e6e7e85d6
-
SHA256
5232c6db5c412780ace4c035be6bde85e2ff91f4d5699f849b028939dc39cf74
-
SHA512
c3d9a6ceaff7bfdca46cd115aad4ed0739cfdef2809149a29e5eca26a0a5cc9bedd0225adc17d6c4fb344a3edf0e553d24fdba63a34e820dcd8144453985e7cc
-
SSDEEP
12288:tuSciL28Yzhe9iolOGbdUUd+3JQvv0Iggv0v/X8qnNLblqR:tciL28Y+iYOGpUUd+3HIg3nNLG
Malware Config
Targets
-
-
Target
bb1ef2ca98ae809bf836c6f1767cc426.exe
-
Size
827KB
-
MD5
bb1ef2ca98ae809bf836c6f1767cc426
-
SHA1
3ec5f3acbf39a52ae978cfe6d440090e6e7e85d6
-
SHA256
5232c6db5c412780ace4c035be6bde85e2ff91f4d5699f849b028939dc39cf74
-
SHA512
c3d9a6ceaff7bfdca46cd115aad4ed0739cfdef2809149a29e5eca26a0a5cc9bedd0225adc17d6c4fb344a3edf0e553d24fdba63a34e820dcd8144453985e7cc
-
SSDEEP
12288:tuSciL28Yzhe9iolOGbdUUd+3JQvv0Iggv0v/X8qnNLblqR:tciL28Y+iYOGpUUd+3HIg3nNLG
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-