General
Target: 1455c4a22357a2c3e5a689c0d.exe
Size: 488KB
Sample: 230709-r8smysdc98
MD5: 1455c4a22357a2c3e5a689c0d37e0580
SHA1: 24ff0b0a4e635e65152d7af1c7f7aadfc1d59da5
SHA256: 2ddc6af74674611a9cf929698260f5002f6910c6b6742df6de59279d83c6def0
SHA512: c53008ba4bbded485ee4c4d6857ed0232830676af33280dff1bbfeb785dbf153a354224d237e321eebea2d3fa3a57d0c57e77033dd3148e60a599f5551d191f8
SSDEEP: 12288:amNE5N8iHw7YsPDRQy25VpI4e2ZvjL8mUmtx:amNQIPDRQX/T
Behavioral task: behavioral1
Sample: 1455c4a22357a2c3e5a689c0d.exe
Resource: win7-20230703-en
Behavioral task: behavioral2
Sample: 1455c4a22357a2c3e5a689c0d.exe
Resource: win10v2004-20230703-en
Malware Config
Targets
Target: 1455c4a22357a2c3e5a689c0d.exe
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE