General
-
Target
DCRatBuild.exe
-
Size
1.1MB
-
Sample
240712-xj2r8awckl
-
MD5
395c321b98a6becd6e82acb363fe7206
-
SHA1
4e38cbeae81eab7088af83fa3d5ec1b5d360422b
-
SHA256
3c0dc6828037ae708ba136419b01bd08439cb1130bf248f246d9608256f6fe0f
-
SHA512
fe33b250ef401b26a7d2cc05a1b99f8fe48bd1e1d4e32d425674172d9f10c91c1cdc8ab4dd73794e2ef51aebe420a7a0a0feaea20956f724006217554374f3a0
-
SSDEEP
24576:U2G/nvxW3Ww0tPiIU6wdG8lXxRwDIxj8CYPwt:UbA30KZdnqcx1Y2
Behavioral task
behavioral1
Sample
DCRatBuild.exe
Resource
win10-20240611-en
Behavioral task
behavioral2
Sample
DCRatBuild.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
DCRatBuild.exe
-
Size
1.1MB
-
MD5
395c321b98a6becd6e82acb363fe7206
-
SHA1
4e38cbeae81eab7088af83fa3d5ec1b5d360422b
-
SHA256
3c0dc6828037ae708ba136419b01bd08439cb1130bf248f246d9608256f6fe0f
-
SHA512
fe33b250ef401b26a7d2cc05a1b99f8fe48bd1e1d4e32d425674172d9f10c91c1cdc8ab4dd73794e2ef51aebe420a7a0a0feaea20956f724006217554374f3a0
-
SSDEEP
24576:U2G/nvxW3Ww0tPiIU6wdG8lXxRwDIxj8CYPwt:UbA30KZdnqcx1Y2
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-