General
-
Target
DCRatBuildмщй.exe
-
Size
1.1MB
-
Sample
240714-rtjrhawfqa
-
MD5
baa98be8c9eadea500c27b1067046aab
-
SHA1
bbc5d68213c6693871c4759e0c3790de367a1ae5
-
SHA256
ef0ae9f94fe4bee89cbc48896b03e8040bead8789039f434151caa8df01b6d52
-
SHA512
cb4d93f85c0a96fc6657c87d20067380d8c732c7ffbb1aa7076ec36214570b9d6c3c32a6490faa97223c661051ae8d15b003f0e35aabb8190cb3413a5a8c0fdd
-
SSDEEP
24576:U2G/nvxW3Ww0tqUIElndz0cCYenFF1hbTpzlj:UbA30qM4meFF/H
Behavioral task
behavioral1
Sample
DCRatBuildмщй.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
DCRatBuildмщй.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
DCRatBuildмщй.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-