General
-
Target
Desktop.exe
-
Size
4.9MB
-
Sample
240713-tl6bmszcrc
-
MD5
ea14840181f0547b32fe549479280d27
-
SHA1
70de994344a37be03b6c0dba8deb395d1c588afa
-
SHA256
226a936a762be00940d7aefbf77aec54a106308e9da5201c0cdc2999278c90b3
-
SHA512
cd8afb4fdbbdb202c8f8ad6ba66552e2137aab3602d0c10ab84a7adfa78d6a55a1ca381099b4f4539f4d379d7f1b207e21c27c79ccb80fd81dda08a37889c5ec
-
SSDEEP
98304:Zqw/bgG3HZZAnU8Sm/vGJMERC6zXbHc/05xnhIdgcJcg+uYFgRevPNMv:Zqw/PXZZwSm/vGJMEVLGUFmcg+uDYNA
Static task
static1
Behavioral task
behavioral1
Sample
Desktop.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Desktop.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
Desktop.exe
-
Size
4.9MB
-
MD5
ea14840181f0547b32fe549479280d27
-
SHA1
70de994344a37be03b6c0dba8deb395d1c588afa
-
SHA256
226a936a762be00940d7aefbf77aec54a106308e9da5201c0cdc2999278c90b3
-
SHA512
cd8afb4fdbbdb202c8f8ad6ba66552e2137aab3602d0c10ab84a7adfa78d6a55a1ca381099b4f4539f4d379d7f1b207e21c27c79ccb80fd81dda08a37889c5ec
-
SSDEEP
98304:Zqw/bgG3HZZAnU8Sm/vGJMERC6zXbHc/05xnhIdgcJcg+uYFgRevPNMv:Zqw/PXZZwSm/vGJMEVLGUFmcg+uDYNA
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-