General
-
Target
DCRatBuild.exe
-
Size
1.5MB
-
Sample
240418-pastysdh5s
-
MD5
3801fa6eef42d4226ae043c216555158
-
SHA1
ecf3140d114ec3cdee4b8cf38c23c282b4b17dba
-
SHA256
750988872141e1c6543920865616fd0190025ceb1b9589c0013e8b9344dbac4b
-
SHA512
e5bd8fb55d2d722a974e8bcc1007b8fb744ae4c4de08d456f5cb64bf8072b02b02a7598853295f215a4f166c9d3307b6156446a6bf2749d7059433d9d1b63288
-
SSDEEP
24576:U2G/nvxW3Ww0t6fva+2JT3K7aRai8PMon90WrT4XfTBE7xzW8cf0/CnQv:UbA306fveTczrUgxitW
Behavioral task
behavioral1
Sample
DCRatBuild.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
DCRatBuild.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
DCRatBuild.exe
-
Size
1.5MB
-
MD5
3801fa6eef42d4226ae043c216555158
-
SHA1
ecf3140d114ec3cdee4b8cf38c23c282b4b17dba
-
SHA256
750988872141e1c6543920865616fd0190025ceb1b9589c0013e8b9344dbac4b
-
SHA512
e5bd8fb55d2d722a974e8bcc1007b8fb744ae4c4de08d456f5cb64bf8072b02b02a7598853295f215a4f166c9d3307b6156446a6bf2749d7059433d9d1b63288
-
SSDEEP
24576:U2G/nvxW3Ww0t6fva+2JT3K7aRai8PMon90WrT4XfTBE7xzW8cf0/CnQv:UbA306fveTczrUgxitW
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-