General
Target: 7d1742827128bccb907f2da5ebfe80621f2a3356162635ee26798d275ff74974
Size: 3.5MB
Sample: 241101-nl2ess1akr
MD5: 04633b59c759e0f91a19848c453dc473
SHA1: 3f7e45be68ba6c2b63d3088796e98c22f21e6b30
SHA256: 7d1742827128bccb907f2da5ebfe80621f2a3356162635ee26798d275ff74974
SHA512: df6424b56e29747cb2890a0e8f2edd356b1c4fba87d7e9d3db933489ca97ff6376fcfd31cf7e230dde642c228116681e69c12c80912037d554390f7a4af0871f
SSDEEP: 49152:F5IywAyfWfCxirbVGaVNmvVQdMeanKKmgzPSjhXoU72qh5YcPb1VXtBG+JUZq5Q5:FaywdWfxbVfEadMJKCz+Rf3Pb6AkNdk
Behavioral task: behavioral1
Sample: 7d1742827128bccb907f2da5ebfe80621f2a3356162635ee26798d275ff74974.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 7d1742827128bccb907f2da5ebfe80621f2a3356162635ee26798d275ff74974.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Dcrat family

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2