General

  • Target

    DCRatBuild.exe

  • Size

    2.1MB

  • Sample

    240618-y4bl7swbmc

  • MD5

    4fe3f3d11141dae1b0857f2b4d6e124b

  • SHA1

    8c70d03551d598430f22745ce4e3e5be77995511

  • SHA256

    6c25b3a1603cb5d0225cde1d8c854e160442c9603dd34e9b506e164f465277e0

  • SHA512

    05feac40335ed40c641992e0a2d81af93d39060a48321e5877f54c929039b858cddf0d80d16d82f47103e2be2109157a7be435fa0951b109469805af775667ee

  • SSDEEP

    49152:ubA3jvl3uJX+3YYC756a/2sb36d/R+oqiJ7YYKL4yfWd/pGy:ubOlecUX/JTc/R+of5YY+ed/pGy

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
