General
Target: DCRatBuild.bat
Size: 3.0MB
Sample: 240723-2yblssxaka
MD5: a712786c7410347d56043f3568ecfb45
SHA1: 226d4b5b732cbd5281f8280b8cf94244888d40b8
SHA256: a5780a046f63df0779843c1ccdbff0838467156afce4f60998f7f2c4ac74b1f6
SHA512: 1640fbb8198391f1930392bc3de4a43e26aaedfb7d1bef2a9cc827b861417d227360562a25b13670f576d5103e92d9f0af2b1d6521ae1df8ba56d6fc04dfa4c4
SSDEEP: 49152:UbA30tnC+TIAYOv3ZQ9sqyxvQyErT+WOimOay3kEqiLl+1LrhhSxi1PLjxWEA:UbRndTxYOP8Qp+iWtay3kl2QrLPLjxbA
Behavioral task: behavioral1
Sample: DCRatBuild.exe
Resource: win10v2004-20240709-en
Malware Config
Targets
Target: DCRatBuild.bat
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Disables Task Manager via registry modification

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE