General
-
Target
cd0474c2a3a8a662b9ec1cda81ef072e
-
Size
1.7MB
-
Sample
240316-d9gp7abb3y
-
MD5
cd0474c2a3a8a662b9ec1cda81ef072e
-
SHA1
e1bc9504cbf0f6b96ba50f5a14b34d4f9466480d
-
SHA256
6fa4e7b5a0f66ca0eb75634dbcc3a75a33e126d4f62fd76285a016d5df61b785
-
SHA512
fc8d7fa6216f85924f5eaa7252c3bb720bab4d48d86a11f10d236190debd3b2f773188039250d378b1ab6c32ac4f053fba6b3a632ef6ef26d3345b1cd4055215
-
SSDEEP
24576:u2G/nvxW3WieCIjEHTG4BWus6NpkRqqdY/kxqlQOczM9xDEw5PWGBcXkaH+kO+49:ubA3jI2BWuzpkRLOsGEwRnB8k4hJ2
Malware Config
Targets
-
-
Target
cd0474c2a3a8a662b9ec1cda81ef072e
-
Size
1.7MB
-
MD5
cd0474c2a3a8a662b9ec1cda81ef072e
-
SHA1
e1bc9504cbf0f6b96ba50f5a14b34d4f9466480d
-
SHA256
6fa4e7b5a0f66ca0eb75634dbcc3a75a33e126d4f62fd76285a016d5df61b785
-
SHA512
fc8d7fa6216f85924f5eaa7252c3bb720bab4d48d86a11f10d236190debd3b2f773188039250d378b1ab6c32ac4f053fba6b3a632ef6ef26d3345b1cd4055215
-
SSDEEP
24576:u2G/nvxW3WieCIjEHTG4BWus6NpkRqqdY/kxqlQOczM9xDEw5PWGBcXkaH+kO+49:ubA3jI2BWuzpkRLOsGEwRnB8k4hJ2
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-