General
Target: DCRatBuild.exe
Size: 1.1MB
Sample: 240530-ja322abg32
MD5: 2ab8ff5b7621758d77e24b1852beb01a
SHA1: b0ad327f9d520c8d9b3043c0944a4f8c85bca394
SHA256: 2a74767d7f14e9b65318f9210bf2371ed08b46ae1eb49f6367e20d5d82dad470
SHA512: 78cd9729e7b55b06aa95242e7d9fde36b31b52031fe9c6319d3acacbe2c5a7682c955f7cca1c838465b011d84fcf4d633de49478cd7a26ae65b299126e5abe29
SSDEEP: 24576:U2G/nvxW3Ww0tHiU0YJ2/+Fv/maIfrLeEhsnW4S9:UbA30HiU0Yg+RIGEh/D
Behavioral task: behavioral1
Sample: DCRatBuild.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: DCRatBuild.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: DCRatBuild.exe
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL