General
-
Target
vxvault.net_5.exe
-
Size
1.1MB
-
Sample
240422-25z8qshe8t
-
MD5
6e6f8bc0dbceec859f9baaff0ebe2811
-
SHA1
495b4434e34bbf6c432718ee6fac880f16be49a0
-
SHA256
7574d2c9903d02681c8190816aa30a76d8874f03148539eacd6af126dc4cba8e
-
SHA512
aab1bba5a4fc395f2d378bfc2bad098ce4efbeadacea47f650e16afd99373d518fd2cf9f8c30422cd34939d04d2e05ac9fc5ee8b48d6f5bc8f7cbb19d1bfeac7
-
SSDEEP
24576:U2G/nvxW3Ww0tkqV9bjWrJeQfBmAL6PLRr0UeJ:UbA30kqIJR/
Malware Config
Targets
-
-
Target
vxvault.net_5.exe
-
Size
1.1MB
-
MD5
6e6f8bc0dbceec859f9baaff0ebe2811
-
SHA1
495b4434e34bbf6c432718ee6fac880f16be49a0
-
SHA256
7574d2c9903d02681c8190816aa30a76d8874f03148539eacd6af126dc4cba8e
-
SHA512
aab1bba5a4fc395f2d378bfc2bad098ce4efbeadacea47f650e16afd99373d518fd2cf9f8c30422cd34939d04d2e05ac9fc5ee8b48d6f5bc8f7cbb19d1bfeac7
-
SSDEEP
24576:U2G/nvxW3Ww0tkqV9bjWrJeQfBmAL6PLRr0UeJ:UbA30kqIJR/
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-