General
Target: DCRatBuild.exe
Size: 1.1MB
Sample: 240716-2g6evatbnl
MD5: e9bc068017ce93f26711bc6cee5baaf5
SHA1: 397be9a2d6a68e4c49beaa694e12c338253216df
SHA256: 066802e184c05d76cc3657b71f4e8572f694d59bb2a7baa8fed3a6605476a709
SHA512: e93f62eb34d3a3010d1b5ff250de512c81134e58ca0f9a9eb91acecd73c7abc0c5396c93640390608af9d06b196148949be32c63417acea51ece1595b909a14c
SSDEEP: 24576:U2G/nvxW3Ww0tWq4f28wBUVIL8FGstUPtekz2N:UbA30WDf6QEa

Behavioral task: behavioral1
Sample: DCRatBuild.exe
Resource: win10v2004-20240709-en

Malware Config

Targets
Target: DCRatBuild.exe
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE