General

  • Target

    DCRatBuild.bat

  • Size

    3.2MB

  • Sample

    240623-g41snasdqh

  • MD5

    76d2800de2353c80c42262e6772f5229

  • SHA1

    47584f7c7cf9652860176b456e0a5a21609302ff

  • SHA256

    e485e901935d31d48757a93df77a84ae81d52e8421035ef79ecf413dbb3aeda3

  • SHA512

    344d19e16979bfcb3d6caf8b122a677084e703dda8087a2d5785b0b4c2dfcfad39b871a1f0cd458e336a8e8fa5f41855c103eaefb33dfb662cd2bdc04b89a792

  • SSDEEP

    49152:UbA30aiMZ5iiWWxMq+mdgZIMp/kCLbEl3AoD/mhevdPrCC3OGGQb4EIKZ:Ube2iWrmdgVFLAlm2OC3imSKZ

Score
10/10

Targets

    • Target

      DCRatBuild.bat

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
