General
-
Target
4c0b8a87ac894d73ec5cdca91726d6a3e20254501db440575478071f1321d7e7
-
Size
415KB
-
Sample
240417-qes6ysac7v
-
MD5
fab475008eec24ebebbcdd27fb1fe868
-
SHA1
72cc1d6b4f97568399c90c7f37ded5c1ebf39af6
-
SHA256
4c0b8a87ac894d73ec5cdca91726d6a3e20254501db440575478071f1321d7e7
-
SHA512
0ce5b752ec25b09b4b4521ecd0f001595ca26264adcd2bb470ed959ddafae88751e4bf565013185854b17bc56175f9fb6ee05910f860cfd58d108bf54fabb4fa
-
SSDEEP
12288:m+jaHLkLperU/kG/9SuwQst5Dgbp8/Ppp:m+kG/9Suwvgd83v
Malware Config
Targets
-
-
Target
3b7b020f8ce69d4b810468c03b4bfd1cc6e56080c7b754cafebfd4ba500c7855.exe
-
Size
827KB
-
MD5
81f8eacc0997ace2ee1d89b25391783c
-
SHA1
7d880a37dc2ea2819e9081f0eb97d75c4ac63763
-
SHA256
3b7b020f8ce69d4b810468c03b4bfd1cc6e56080c7b754cafebfd4ba500c7855
-
SHA512
ba138c654a421f33ba9adc40c42db3dc167cabc6a96e0cb0a78b3f76a853f67f3519d16c7ad1b2c5c2d8fc06b3d9ba1ac5d5eea58c15bea0c453c65143cfb443
-
SSDEEP
24576:TYMB0+EFNTfgJyzf/0X807GUj1sVr46Ec:TYMBiFNT3zfkG81q0F
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-