General
-
Target
a56e046d587cf2a6351bbf456ce47982f4aa1c9a6248ead75d734dce42d80fe8.exe
-
Size
2.8MB
-
Sample
240712-w2ejzaxbrb
-
MD5
0654ee38b256d8b4ed07199928fa95e6
-
SHA1
7ae32ebec9dbf435c5ac41dea6a9e8875af291bc
-
SHA256
a56e046d587cf2a6351bbf456ce47982f4aa1c9a6248ead75d734dce42d80fe8
-
SHA512
097ec294941531541bac08a9554685b822e025f4c942f222ab26ddb23bcfa808e6609d6c503770c5ff59fd4fb680f9fec60f7f80ad5395624b246da7994af1f9
-
SSDEEP
49152:UbA30r0LzsdjjjjJFL+wkwyrcRn6VrrPnfqfLldfHUc5cqTQ:UbfSzsdjtB+wkPYxW/PnfqLf0c5fQ
Behavioral task
behavioral1
Sample
a56e046d587cf2a6351bbf456ce47982f4aa1c9a6248ead75d734dce42d80fe8.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
a56e046d587cf2a6351bbf456ce47982f4aa1c9a6248ead75d734dce42d80fe8.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
Target
a56e046d587cf2a6351bbf456ce47982f4aa1c9a6248ead75d734dce42d80fe8.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-