General
-
Target
b8cb91c1c13cf059bf110500f08b1ccc.exe
-
Size
2.3MB
-
Sample
231222-rykjlaecd8
-
MD5
b8cb91c1c13cf059bf110500f08b1ccc
-
SHA1
be7c2403d5e296e499070166e0df9f74e4613fde
-
SHA256
76825233479175a84a1f41b38bca8949aa84ad2b60124b6247a036cd40506480
-
SHA512
5a78f9959f3ea7b7ccc3b51206e4a13ce6c8c60218c4d37f7d10dd4f283aaa3625c6708ab19c2219de399fab424a9264fe2224a3946d9be1c587eeb28b522986
-
SSDEEP
49152:IXKRD/mYOPrWcQZ0QQUmkpv6O3kK7Dc4AUNLILKa:Q3YOPrYOUB6O3kkfAEELP
Malware Config
Targets
-
-
Target
b8cb91c1c13cf059bf110500f08b1ccc.exe
-
Size
2.3MB
-
MD5
b8cb91c1c13cf059bf110500f08b1ccc
-
SHA1
be7c2403d5e296e499070166e0df9f74e4613fde
-
SHA256
76825233479175a84a1f41b38bca8949aa84ad2b60124b6247a036cd40506480
-
SHA512
5a78f9959f3ea7b7ccc3b51206e4a13ce6c8c60218c4d37f7d10dd4f283aaa3625c6708ab19c2219de399fab424a9264fe2224a3946d9be1c587eeb28b522986
-
SSDEEP
49152:IXKRD/mYOPrWcQZ0QQUmkpv6O3kK7Dc4AUNLILKa:Q3YOPrYOUB6O3kkfAEELP
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-