General
Target: DCRatBuild.exe
Size: 2.2MB
Sample: 231204-cjd1yage61
MD5: 6eb433b80c109ad5d2342a461cf344cf
SHA1: 1db227016fce2475e2c6e957330afc6e64e2064e
SHA256: d4a578ec1a8a2ea4ad971310ecebb996529d90a7ebe264be20fb57d5a25371e2
SHA512: 1585da261489db71390d4af718b1c92b713f2df6ed234e385aba264be5213c0c9987890b9a80e5e1f903eb2f24a7bd105390e1303ca06c8083f21e64f8e8d3a4
SSDEEP: 49152:UbA30ajT26LGj1+dG6/CXhpxK/uVtmJPZVmL8eRQaiHcZphJPGXhL:UbOj9LGj12qXRKMt0PMWDcZphIhL

Behavioral task: behavioral1
Sample: DCRatBuild.exe
Resource: win10v2004-20231127-en
Malware Config

Targets
Target: DCRatBuild.exe
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.