General
-
Target
68a455db174cad9292c5e486fa78fc20af590a5c31aa164db1ebdd5fd5a89121.exe
-
Size
1.1MB
-
Sample
240823-ltlm7szbpk
-
MD5
b2defecc2eacf24bebb4772acd340ebf
-
SHA1
fcf2334fdc60081ee78b00bb3e3cec7b9f85d461
-
SHA256
68a455db174cad9292c5e486fa78fc20af590a5c31aa164db1ebdd5fd5a89121
-
SHA512
2b7fe94b8d9bdbc7e8ac958c296819064ad5bff7ef69eaa910ee55b4a43d8e3ce2f63e6e800141619185f8b6f686e935441dcab18102c8fa19e6fc0914c5f69c
-
SSDEEP
24576:Z4ydpJ5NRu5alvYnjkLMyb6Gi42Q6QrJrO:ZjdP8rWTbh956
Malware Config
Targets
-
-
Target
68a455db174cad9292c5e486fa78fc20af590a5c31aa164db1ebdd5fd5a89121.exe
-
Size
1.1MB
-
MD5
b2defecc2eacf24bebb4772acd340ebf
-
SHA1
fcf2334fdc60081ee78b00bb3e3cec7b9f85d461
-
SHA256
68a455db174cad9292c5e486fa78fc20af590a5c31aa164db1ebdd5fd5a89121
-
SHA512
2b7fe94b8d9bdbc7e8ac958c296819064ad5bff7ef69eaa910ee55b4a43d8e3ce2f63e6e800141619185f8b6f686e935441dcab18102c8fa19e6fc0914c5f69c
-
SSDEEP
24576:Z4ydpJ5NRu5alvYnjkLMyb6Gi42Q6QrJrO:ZjdP8rWTbh956
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-