General
-
Target
2fd91fb204ecbf2d457ecba27ac0d150N.exe
-
Size
827KB
-
Sample
240724-3fwppatdkr
-
MD5
2fd91fb204ecbf2d457ecba27ac0d150
-
SHA1
e748460f2c9b8d4c95fe38b75b6ad7fa7709907d
-
SHA256
25676c8823526376763d08d0b7a835ca9f989676ad07e7dea8f1e66556ff7ac4
-
SHA512
ac1d50644567baf4f9e0bfef29297a992826fd2fec70ab9bc6243c666479a810372b768299545d64d15e4321ae75948ea1a6fb8d062eb6b475481b181822cd84
-
SSDEEP
12288:7sW6tROk7uzV48iOC4rmQTgki80axC06XQxBnLFxja1a40ms:7gT7uzVtrm8XC0f/Jxja1E
Behavioral task
behavioral1
Sample
2fd91fb204ecbf2d457ecba27ac0d150N.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
2fd91fb204ecbf2d457ecba27ac0d150N.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-