General
-
Target
DCRatBuild.exe
-
Size
1.5MB
-
Sample
240618-rmgnkaxcnf
-
MD5
0a9a89cf2dc3517c149c25dd3283fc80
-
SHA1
322587f3d9a2c8142d6002d989fd31f3c20ba84a
-
SHA256
f413c35eca818b528e5a0e5aa6c8fdd46f9e1e40d379feb3a70b58310c6c514a
-
SHA512
5ec90cc61a43bb7029150dcaa741bab7914512036e4e21928aebf02309d211401796a9b7be36cd2bb7f0ebdb8a36013137c4fb06d7301f0c56ecd18feb69bdf4
-
SSDEEP
24576:U2G/nvxW3Ww0tO7X8aPEgLHD7rGqXj0O7LFxd5ieEn3U4cLwDI:UbA30O7sadbGSQONHzE74w8
Behavioral task
behavioral1
Sample
DCRatBuild.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
DCRatBuild.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
DCRatBuild.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-