General
-
Target
48ECBB90DC588F6698F1AEBDA1B5B59E.exe
-
Size
1.1MB
-
Sample
240220-akd18afh8s
-
MD5
48ecbb90dc588f6698f1aebda1b5b59e
-
SHA1
2b6bef1df13c510df20afc6fb68ff73fbd54f477
-
SHA256
1a39cff5d5b0b550cd9b30f08c0e32430c2e1b92aecc663d4151789e54d13f64
-
SHA512
cf8d104c974fcaf5e77680aeccacb1902346442d79f85c9e973d9d4e0d6b6924c19c4c3c69846e474979a63e05d92cddace01eb6c534ff706cb12d65460fcc58
-
SSDEEP
12288:sRZ+IoG/n9IQxW3OBsee2X+t4Rb0taU/WEgVTx6hCuB/Ns7ea4S0XpEXn+6FnaSB:W2G/nvxW3Ww0t0WEgVaCuBVk34LG2S
Behavioral task
behavioral1
Sample
48ECBB90DC588F6698F1AEBDA1B5B59E.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
48ECBB90DC588F6698F1AEBDA1B5B59E.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
48ECBB90DC588F6698F1AEBDA1B5B59E.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-