General
-
Target
HEUR-Backdoor.MSIL.LightStone.gen-48a5d085cf6.exe
-
Size
1.1MB
-
Sample
230613-d6gk1sef24
-
MD5
89eafa0c3e68136ae780afb0bed528be
-
SHA1
8c80cb2d82eabc6a9d6bc582c0a4c67b4bc79bc3
-
SHA256
48a5d085cf6540b1dc286bbaa17141d6c40d3aa37a6a92c6326873ca98f25e8a
-
SHA512
e6a5a6a0602b3bb51235fee1a0a39a32327a62892635e1df7c0bc3135089718bac96ad878dabd6c8d35738a3a6595dabde716b6ebb78d17b75188b98de159e34
-
SSDEEP
12288:o8R51UropgKt6ljehIYulIB68SzlPqGlWVKZuMM2nwLjwkidihD9+HgMVeQqn4:X1UMb6ljehI7+6X+/WpHgeeQ+4
Malware Config
Targets
-
-
Target
HEUR-Backdoor.MSIL.LightStone.gen-48a5d085cf6.exe
-
Size
1.1MB
-
MD5
89eafa0c3e68136ae780afb0bed528be
-
SHA1
8c80cb2d82eabc6a9d6bc582c0a4c67b4bc79bc3
-
SHA256
48a5d085cf6540b1dc286bbaa17141d6c40d3aa37a6a92c6326873ca98f25e8a
-
SHA512
e6a5a6a0602b3bb51235fee1a0a39a32327a62892635e1df7c0bc3135089718bac96ad878dabd6c8d35738a3a6595dabde716b6ebb78d17b75188b98de159e34
-
SSDEEP
12288:o8R51UropgKt6ljehIYulIB68SzlPqGlWVKZuMM2nwLjwkidihD9+HgMVeQqn4:X1UMb6ljehI7+6X+/WpHgeeQ+4
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-