General
-
Target
3b79471f27a94bec8b1f2d203691700f2ecf92cb295abc500b5bce7e49714599.exe
-
Size
828KB
-
Sample
240522-zxmlkagg49
-
MD5
22f0ee640dc3afa425a67edeadfd8a00
-
SHA1
e88fd97e116108a4b765971cdddd7890bab0bbf0
-
SHA256
3b79471f27a94bec8b1f2d203691700f2ecf92cb295abc500b5bce7e49714599
-
SHA512
db92030c1b38d57173aefa11e26a0d9a973097f496557da1a3f3303097901e344f56bc1c579cf7090ee0b07c168d54c31c45e83ad8f1e5edf595dcae50d86cdc
-
SSDEEP
12288:u7sJ0qn14m01koie9G0OmMr2LQO1IL2wBRZ5rUOX/TJAAeZdV:r0O4mBmaiR1I93n/TWA6V
Malware Config
Targets
-
-
Target
3b79471f27a94bec8b1f2d203691700f2ecf92cb295abc500b5bce7e49714599.exe
-
Size
828KB
-
MD5
22f0ee640dc3afa425a67edeadfd8a00
-
SHA1
e88fd97e116108a4b765971cdddd7890bab0bbf0
-
SHA256
3b79471f27a94bec8b1f2d203691700f2ecf92cb295abc500b5bce7e49714599
-
SHA512
db92030c1b38d57173aefa11e26a0d9a973097f496557da1a3f3303097901e344f56bc1c579cf7090ee0b07c168d54c31c45e83ad8f1e5edf595dcae50d86cdc
-
SSDEEP
12288:u7sJ0qn14m01koie9G0OmMr2LQO1IL2wBRZ5rUOX/TJAAeZdV:r0O4mBmaiR1I93n/TWA6V
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-