General
Target: start.bat
Size: 3.0MB
Sample: 240723-y1zvmawdlk
MD5: 75ccd36ede458c2ef9ee45ba7739dfc5
SHA1: 01fbc42242dedb80da16c1532dc2afa657ef4fbe
SHA256: 307a5c2cb2a8adee62e9497bb7d95092849d7591ea3519984ddfa8e0318a86f9
SHA512: 474bdb90fcab975223db81be9197a34748a54861d1f8433f580de3b2b7ea21e9133b2922ac9ee433593e097f90e0e18f85ad585ec3fb99c323dc3a8c94a91090
SSDEEP: 49152:ubA3j6Y+EAoXPmkgXzisiPzzGtM5USZzjzAzYfr4rJUkNBMX6Nbl:ubFY+eXnOmpnGK5jRIJUqi+l
Behavioral task: behavioral1
Sample: start.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: start.exe
Resource: win10v2004-20240709-en
Malware Config
Targets
Target: start.bat
Score: 10/10
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-