General
-
Target
b67032a27798a7d9a53e7c1ba325b6be949d0f1e5cc9c6033827545e71b2fc5c
-
Size
415KB
-
Sample
240417-p7ch8shf9s
-
MD5
137e4e2683a4ab261cd1e294e9458515
-
SHA1
7ee56a1be2a57e093a75684a12aa3e543898421f
-
SHA256
b67032a27798a7d9a53e7c1ba325b6be949d0f1e5cc9c6033827545e71b2fc5c
-
SHA512
a7963d82322600b08677fbd62a122f26139e2e9f6b2a72de70fa5bde53399e5207148fbdf44a0449ea067a8660edbdddbec101083d366837e551e1aa2b1f5521
-
SSDEEP
6144:RnLO642y0iHiosHi+ML9wtYaobB6anL9faTVhVFUfZIOcBBwaYAgBs35OXEc:RLOuy0iHQhGHYEaDfaFewDqTc
Malware Config
Targets
-
-
Target
3b7b020f8ce69d4b810468c03b4bfd1cc6e56080c7b754cafebfd4ba500c7855.exe
-
Size
827KB
-
MD5
81f8eacc0997ace2ee1d89b25391783c
-
SHA1
7d880a37dc2ea2819e9081f0eb97d75c4ac63763
-
SHA256
3b7b020f8ce69d4b810468c03b4bfd1cc6e56080c7b754cafebfd4ba500c7855
-
SHA512
ba138c654a421f33ba9adc40c42db3dc167cabc6a96e0cb0a78b3f76a853f67f3519d16c7ad1b2c5c2d8fc06b3d9ba1ac5d5eea58c15bea0c453c65143cfb443
-
SSDEEP
24576:TYMB0+EFNTfgJyzf/0X807GUj1sVr46Ec:TYMBiFNT3zfkG81q0F
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-