General

  • Target

    DCRatBuild.exe

  • Size

    3.2MB

  • Sample

    240623-n775gazbnc

  • MD5

    a76848ffa68ac31b2794dee11f81b6f7

  • SHA1

    5f31ddbdd4c1eaf0217fa94589e8c9f88e35ae30

  • SHA256

    731471697e2a5dfd48bc747edb50362d7cd2ad35f8e26ded11a0c2e72913cc71

  • SHA512

    67af2af5dc80565987bb4fbabfe6d100733a63c91ab0299941e01b328d78fcd7eb95fb9275b2d8725a17409963c3a4c12fd5d74e29a8805f05edaea68b74b1dd

  • SSDEEP

    98304:UbwIPwtWln8CPuVF7iPOKxNLVHrrknSmgKP6:U8Ip/PuV5MrrkhK

Score
10/10

Malware Config

Targets

    • Target

      DCRatBuild.exe

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks