General
-
Target
b067ce756638b4266dc38d81abb68af2.exe
-
Size
1.9MB
-
Sample
231011-fjtceacg83
-
MD5
b067ce756638b4266dc38d81abb68af2
-
SHA1
a5dfa0b07ddc85b5bf3ab0a1027bb6fef3470f37
-
SHA256
5c445f99c3c151573f373b65e070381d96df9260169433a01e7a7fab04ad88fe
-
SHA512
3f49947ee3b8436a09a027496cd5e6a0ff0ae56f811d74e17b2f166f4da5cfddbf9a8d33926c8a4c228edbe53d05b6bcd1507aba064a56e31e688d91b4d677ed
-
SSDEEP
49152:qcbzAoVVRaWf4aEqGaU5XBkvRdLtkdbW0qmxKghiX:qcbx9dtxu5arZkdX1K
Static task
static1
Behavioral task
behavioral1
Sample
b067ce756638b4266dc38d81abb68af2.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
b067ce756638b4266dc38d81abb68af2.exe
Resource
win10v2004-20230915-en
Malware Config
Targets
-
-
Target
b067ce756638b4266dc38d81abb68af2.exe
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-