General
-
Target
0ad0b4a4a549230e090d712b5521bd96.exe
-
Size
3.3MB
-
Sample
241027-a4kywaynhn
-
MD5
0ad0b4a4a549230e090d712b5521bd96
-
SHA1
55690e0d976955e80f14c314efcaa34e3303a02b
-
SHA256
9882ee185d8d4db2a86040b7e3c7687cef737470f2a7b5c88868e80880cbd429
-
SHA512
b689ab2b7e3a59f760d3c6cb3b72927e3dc0eb9323aceb05c2571ca85863fc769098924b943e6e80edb1853c348451869996fd4c38a7dd10dc8e2970e5d4d027
-
SSDEEP
49152:dvE7aj/zSltwCUFFINtKAh/tIBs2htYmMoxqSeU843FULbiGLSkGHuIB6MlwALMV:9FzPFFIv7h/KVWYxVeE+i1FOIB6Mmkw
Malware Config
Targets
-
-
Target
0ad0b4a4a549230e090d712b5521bd96.exe
-
Size
3.3MB
-
MD5
0ad0b4a4a549230e090d712b5521bd96
-
SHA1
55690e0d976955e80f14c314efcaa34e3303a02b
-
SHA256
9882ee185d8d4db2a86040b7e3c7687cef737470f2a7b5c88868e80880cbd429
-
SHA512
b689ab2b7e3a59f760d3c6cb3b72927e3dc0eb9323aceb05c2571ca85863fc769098924b943e6e80edb1853c348451869996fd4c38a7dd10dc8e2970e5d4d027
-
SSDEEP
49152:dvE7aj/zSltwCUFFINtKAh/tIBs2htYmMoxqSeU843FULbiGLSkGHuIB6MlwALMV:9FzPFFIv7h/KVWYxVeE+i1FOIB6Mmkw
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-