General
-
Target
2c00ebc767b339c3baf6bcf3086edf51.bin
-
Size
2.0MB
-
Sample
240729-csq2vssdrh
-
MD5
85ed2c8c7e86dc1f2936460e31e19c24
-
SHA1
e0aa0687402f86ded103f03f695fc0d8aa80c586
-
SHA256
68e568bb3b948f0539ca8e1b6651bcb6a7be4182c79dcf5112cfc549e35d6a0a
-
SHA512
3f375bd47f84dedcee91ec972637eaa313179aabb9038a8361520883ab8ebbc6ccbf3f3ca0c4e7790ae3296b6d9724bc91234ea4589760851bc7849c7b775f7d
-
SSDEEP
49152:u8Z21a0weo35cxCrs5lExTSYW6aDCQd75GzGzxMmfnOeGZNcO5Pwtl:uGX3Gor6ETdWSQd7Y+xMmx2Nz5otl
Malware Config
Targets
-
-
Target
67e022273972cda8e1633f002043e4f03cc62bf603bfc95dd5c78af8c0cfb5d2.exe
-
Size
2.6MB
-
MD5
2c00ebc767b339c3baf6bcf3086edf51
-
SHA1
fd1aac21bf1604a175e1d87fa174d832503e3a79
-
SHA256
67e022273972cda8e1633f002043e4f03cc62bf603bfc95dd5c78af8c0cfb5d2
-
SHA512
6a93dc3059d6d293701aea06b368cfb9c7e807bcbbf93a34b62cc7b7541ce4b9c831ac270a19e1fb3b1dcc1a27425ed84796a5a435e6920de52610114a6462a8
-
SSDEEP
49152:MbA37V8c1CwZZmO9DQC6pX/PiyS3DAKF6aMS8gRDs6/STCqs82kPq5Xom5:Mb68UCwZZ2rR/Pi1UraxTKTCRem5
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-