General
-
Target
a07df24fcb9105b0be3b921cd48eae9202bd7f929f5dd57efd8a37c238cd411c
-
Size
414KB
-
Sample
240417-r5shsaeb7t
-
MD5
55ac31471148e1d779569105899b4b3b
-
SHA1
4abe2c097dbf0f0ac4a246738f65fcd33fc23a72
-
SHA256
a07df24fcb9105b0be3b921cd48eae9202bd7f929f5dd57efd8a37c238cd411c
-
SHA512
d406b51df73c9d53060094a6a1b07e7ad982a6c00619f5d6f721f4eeaaf53857e98ccd25094adf434b2e233dea4d6d477d4509881cdec141b31c0deef1788b3f
-
SSDEEP
6144:abtBWICM4hkNsNqvDwJKvTQ4d7kmbkyH9n17EIhXnBKEySOANqk/:ab3eM4ylIi84d7kmblRWQXA9rk/
Malware Config
Targets
-
-
Target
fed72a470e5c75ecdf5eabb18de614f7caeaa4a4f629989c0477fdf28d7a2f90.exe
-
Size
828KB
-
MD5
b553593ddafa968aa68b16a806f2598b
-
SHA1
8de10ee8f4d29475d5ceb4f4974e7dc08bae31c3
-
SHA256
fed72a470e5c75ecdf5eabb18de614f7caeaa4a4f629989c0477fdf28d7a2f90
-
SHA512
da10426fd8471d8fabe63cdc41121d37accf821bd39bc26d822b96766a677ca8173e7cb697542c8f3d73bd20ea112ba0853cd865c6cd7ae6aa6f33bde39a9ffb
-
SSDEEP
12288:CuZLhFZJ3Rz1L7YDvlUFfPrs+LluzBEZMSneuW1Se13+ymHy:CuFTZHz1L7YhofPA+LJZMOHW3O/S
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-