General
-
Target
hitler.exe
-
Size
10.4MB
-
Sample
240425-jzcalsha4w
-
MD5
3a1733f19b9ca74fe793df23700c3519
-
SHA1
31cf4474f0ac00d45c19b7e31e7dc9fde3054091
-
SHA256
1b2a026beda12eff88e2397931018031e4358de05aa449e3441434e6cf5dad6c
-
SHA512
0cd23dce1880c0b11d19f7d58102020baba7033e828aee233f8ed6b7d11c622d1dcec38c4a3e6c4691e07f7a1609fe550a30517e662236e164e550e87bea777b
-
SSDEEP
196608:PzFUayJ3rXjYHfYVEo51LUd5vKUcrqj/PvvYj5pFF7hlQgu5:Pyp3rXjS7cNU5vK5rq3vvYN/Ogu
Malware Config
Targets
-
-
Target
hitler.exe
-
Size
10.4MB
-
MD5
3a1733f19b9ca74fe793df23700c3519
-
SHA1
31cf4474f0ac00d45c19b7e31e7dc9fde3054091
-
SHA256
1b2a026beda12eff88e2397931018031e4358de05aa449e3441434e6cf5dad6c
-
SHA512
0cd23dce1880c0b11d19f7d58102020baba7033e828aee233f8ed6b7d11c622d1dcec38c4a3e6c4691e07f7a1609fe550a30517e662236e164e550e87bea777b
-
SSDEEP
196608:PzFUayJ3rXjYHfYVEo51LUd5vKUcrqj/PvvYj5pFF7hlQgu5:Pyp3rXjS7cNU5vK5rq3vvYN/Ogu
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-