General
-
Target
DCRatBuild.exe
-
Size
2.1MB
-
Sample
240618-y4bl7swbmc
-
MD5
4fe3f3d11141dae1b0857f2b4d6e124b
-
SHA1
8c70d03551d598430f22745ce4e3e5be77995511
-
SHA256
6c25b3a1603cb5d0225cde1d8c854e160442c9603dd34e9b506e164f465277e0
-
SHA512
05feac40335ed40c641992e0a2d81af93d39060a48321e5877f54c929039b858cddf0d80d16d82f47103e2be2109157a7be435fa0951b109469805af775667ee
-
SSDEEP
49152:ubA3jvl3uJX+3YYC756a/2sb36d/R+oqiJ7YYKL4yfWd/pGy:ubOlecUX/JTc/R+of5YY+ed/pGy
Behavioral task
behavioral1
Sample
DCRatBuild.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
DCRatBuild.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
DCRatBuild.exe
-
Size
2.1MB
-
MD5
4fe3f3d11141dae1b0857f2b4d6e124b
-
SHA1
8c70d03551d598430f22745ce4e3e5be77995511
-
SHA256
6c25b3a1603cb5d0225cde1d8c854e160442c9603dd34e9b506e164f465277e0
-
SHA512
05feac40335ed40c641992e0a2d81af93d39060a48321e5877f54c929039b858cddf0d80d16d82f47103e2be2109157a7be435fa0951b109469805af775667ee
-
SSDEEP
49152:ubA3jvl3uJX+3YYC756a/2sb36d/R+oqiJ7YYKL4yfWd/pGy:ubOlecUX/JTc/R+of5YY+ed/pGy
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-