General
-
Target
800cf7500a75ff582ad707ae42bae1f3.exe
-
Size
2.6MB
-
Sample
240809-bejvystelk
-
MD5
800cf7500a75ff582ad707ae42bae1f3
-
SHA1
3bf79b3793f3522838403e585dc772f85beb5b3a
-
SHA256
ea013cbc1ac6fe7992f8af75ac2d9c0d6ae6c004df923f3738a7bde0d5a10d1d
-
SHA512
948b3bec3b5c9adcad5e27680f1d52dfcd543089e19202f7ec7b000bb43bf162d1f79f8071a549b1a74a0128545eb5664ecdac70c582d79b64b12efe5a52faa2
-
SSDEEP
49152:UbA30H5Jq68FvhT1/FP7INtpmJ5t+Zlj8gN0o3BKk7xDsGxnN22e7d:UbT54H9rUtQJ/o1N0oxKcnSd
Behavioral task
behavioral1
Sample
800cf7500a75ff582ad707ae42bae1f3.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
800cf7500a75ff582ad707ae42bae1f3.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
800cf7500a75ff582ad707ae42bae1f3.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-