General
-
Target
DCRatBuild.exe
-
Size
1.1MB
-
Sample
240511-wpxvsadd36
-
MD5
d3015863c92cc3797980343f4ffd10d0
-
SHA1
6a901351f746727e0fbd86f63f483b95813d0b20
-
SHA256
1fe98d70ec2340f9b428a2a68a65e93ad5b0e886d92f68fbe4c7206925ea905a
-
SHA512
c16e0227fec0862054d988a59a2e03652d267960648a58e8a9570426f684af7b98949ecd63ab6ad04b416134046dcb3ed8573a1112e7d74f5d70581bdf05aee1
-
SSDEEP
24576:U2G/nvxW3Ww0tdTNNkWMVun8lcuIMdWuZ7xRy:UbA30dTN6VuEI
Behavioral task
behavioral1
Sample
DCRatBuild.exe
Resource
win10-20240404-en
Malware Config
Targets
-
-
Target
DCRatBuild.exe
-
Size
1.1MB
-
MD5
d3015863c92cc3797980343f4ffd10d0
-
SHA1
6a901351f746727e0fbd86f63f483b95813d0b20
-
SHA256
1fe98d70ec2340f9b428a2a68a65e93ad5b0e886d92f68fbe4c7206925ea905a
-
SHA512
c16e0227fec0862054d988a59a2e03652d267960648a58e8a9570426f684af7b98949ecd63ab6ad04b416134046dcb3ed8573a1112e7d74f5d70581bdf05aee1
-
SSDEEP
24576:U2G/nvxW3Ww0tdTNNkWMVun8lcuIMdWuZ7xRy:UbA30dTN6VuEI
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-