General
-
Target
DCRatBuild.exe
-
Size
3.2MB
-
Sample
240623-n775gazbnc
-
MD5
a76848ffa68ac31b2794dee11f81b6f7
-
SHA1
5f31ddbdd4c1eaf0217fa94589e8c9f88e35ae30
-
SHA256
731471697e2a5dfd48bc747edb50362d7cd2ad35f8e26ded11a0c2e72913cc71
-
SHA512
67af2af5dc80565987bb4fbabfe6d100733a63c91ab0299941e01b328d78fcd7eb95fb9275b2d8725a17409963c3a4c12fd5d74e29a8805f05edaea68b74b1dd
-
SSDEEP
98304:UbwIPwtWln8CPuVF7iPOKxNLVHrrknSmgKP6:U8Ip/PuV5MrrkhK
Behavioral task
behavioral1
Sample
DCRatBuild.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
DCRatBuild.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
DCRatBuild.exe
-
Size
3.2MB
-
MD5
a76848ffa68ac31b2794dee11f81b6f7
-
SHA1
5f31ddbdd4c1eaf0217fa94589e8c9f88e35ae30
-
SHA256
731471697e2a5dfd48bc747edb50362d7cd2ad35f8e26ded11a0c2e72913cc71
-
SHA512
67af2af5dc80565987bb4fbabfe6d100733a63c91ab0299941e01b328d78fcd7eb95fb9275b2d8725a17409963c3a4c12fd5d74e29a8805f05edaea68b74b1dd
-
SSDEEP
98304:UbwIPwtWln8CPuVF7iPOKxNLVHrrknSmgKP6:U8Ip/PuV5MrrkhK
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-