General
Target: DCRat.exe
Size: 1.1MB
Sample: 240622-lq6tzaxalr
MD5: f527457a94ed0b2c880dd74936599fee
SHA1: 100cc57ca436b5ccea01122785b0cd46c79965d0
SHA256: f63fa2d093a9bcafe30855b24b45231303f5126159e5f40cd636ab2ca68e4581
SHA512: 4546f8693ea9bdfc49d9a0d34937dc1f0d06872adb0695001cec88fb5f7a42645acde1800d360970d5416f2aac99d9461bd3541fd0257e8bc5a86380d7a47285
SSDEEP: 24576:U2G/nvxW3Ww0tT4dfLcKrSNoZop+Phomlof5:UbA30T4dGNoZ8+5oCm
Behavioral task: behavioral1
Sample: DCRat.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: DCRat.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Downloads MZ/PE file

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL