General
-
Target
c44819eb2ff2ffd7f9bf6163d5994a99.exe
-
Size
1.5MB
-
Sample
240107-1tn6nagaa8
-
MD5
c44819eb2ff2ffd7f9bf6163d5994a99
-
SHA1
1af74ac1121a7704c69c934035f68df1d9205576
-
SHA256
2f9bf1b8e047c1fa8ec80deccb3e9b575aaf5247f23c0fea81157b8b995562c9
-
SHA512
0ad8b5afd6482327feba6a79cd5a7bfbbbc40bc7888783e757c5b3d4b6a9db4e2f1b6f108351b2d3390028e767e3e5fb7ac6354c0a9f66553e37d13741bb4420
-
SSDEEP
24576:d2G/nvxW3W9hIWg69UY2cJLejOLGz3lVPde0Aj2CQrOyRgwpqhrVcyXSIhQ:dbA3G33sRCvyRg5qt
Behavioral task
behavioral1
Sample
c44819eb2ff2ffd7f9bf6163d5994a99.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
c44819eb2ff2ffd7f9bf6163d5994a99.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
c44819eb2ff2ffd7f9bf6163d5994a99.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-