General
-
Target
3a971964658a0bcaa170bed49.exe
-
Size
1.1MB
-
Sample
230707-yn6gmscb4w
-
MD5
3a971964658a0bcaa170bed495b58f02
-
SHA1
13a17c7def21294f71b50db342e52685161432dc
-
SHA256
b1793fd7329055b97df5f70b7a325df0b79a132321e9d116d501fa9aaa95d4dd
-
SHA512
f94e13e6f884f841b8181b85a93c1dcaa1c4c06c5e4e158c1c4fb7cd7251ef9b8a1fe5179fdb578a255b9624e4c19f24068013bbb5490a6740f6ff9bf357dc0e
-
SSDEEP
24576:DAkqmxZDdR4L5LGwrZrD69Ug/oL8WkKWb7LnwPCsu:DA3WZDf4L5k9xOSKWnLGD
Behavioral task
behavioral1
Sample
3a971964658a0bcaa170bed49.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
3a971964658a0bcaa170bed49.exe
Resource
win10v2004-20230703-en
Malware Config
Targets
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-