General
-
Target
Bridgeweb.exe
-
Size
1.3MB
-
Sample
240425-wq8zfadc3w
-
MD5
e3ce927f815a95c29f73420d0e67879f
-
SHA1
f5b03d0a0e511bab4df6320c4366f86c4c7d89d4
-
SHA256
087bdf8b717691f1c640667ebe0d0b72de0a2b9f47218e5c7812d393ea7ed164
-
SHA512
440347c8b8d1aa1cd123b7a82e8af743e22f0e81c4f0c1002d14f0cd82c46f40fc5f89f3a4004ae1a35f62e41eeb599537da9758954e50b7bfd46331e0ae287e
-
SSDEEP
24576:h7RYYxvEaSAC5gZ9hmQKzebIRklIjvojDw9xi29Ya5L:9mASAsMMyXDIf5
Malware Config
Targets
-
-
Target
Bridgeweb.exe
-
Size
1.3MB
-
MD5
e3ce927f815a95c29f73420d0e67879f
-
SHA1
f5b03d0a0e511bab4df6320c4366f86c4c7d89d4
-
SHA256
087bdf8b717691f1c640667ebe0d0b72de0a2b9f47218e5c7812d393ea7ed164
-
SHA512
440347c8b8d1aa1cd123b7a82e8af743e22f0e81c4f0c1002d14f0cd82c46f40fc5f89f3a4004ae1a35f62e41eeb599537da9758954e50b7bfd46331e0ae287e
-
SSDEEP
24576:h7RYYxvEaSAC5gZ9hmQKzebIRklIjvojDw9xi29Ya5L:9mASAsMMyXDIf5
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Executes dropped EXE
-