General
-
Target
20b7f5d28ee98e5c43286823ea8cf1e6.bin
-
Size
960KB
-
Sample
241107-yzat4sxmdz
-
MD5
589ddf75d7a3f3c6c3d6a2844c2c8707
-
SHA1
adb8c052c1266acf61007f7419498d72d55bbb4d
-
SHA256
b712e3a5e5db6e7f7d6a629021e2dbecc51871adb0d2a8cad2c5d094f5c1d410
-
SHA512
b524581fb059a974fa778bd571cd0c33f078f6bb2d238d0047d47f52d6685f7391f1d975e14ee4865f2ff637def3a86e0516c2a1168ec0caab7d0cd885749a09
-
SSDEEP
24576:oQe7G/jChZyuKbgxA0n4C5/wfbF8yN+LMt3e31HFN9cOd/FJA:skuhL0gWE2fB8yN+LMt3efp/Fq
Behavioral task
behavioral1
Sample
aac41b74838379e24f8b5ca5e704fea42bc06eb158b460dde82e6e3029c14ee7.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
aac41b74838379e24f8b5ca5e704fea42bc06eb158b460dde82e6e3029c14ee7.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
aac41b74838379e24f8b5ca5e704fea42bc06eb158b460dde82e6e3029c14ee7.exe
-
Size
1.5MB
-
MD5
20b7f5d28ee98e5c43286823ea8cf1e6
-
SHA1
78ca9fcf1eb4f779d09271121f0c2fc6b74de2e8
-
SHA256
aac41b74838379e24f8b5ca5e704fea42bc06eb158b460dde82e6e3029c14ee7
-
SHA512
ae6c707fd71fb6af879ccb82da8955228e871d94ad8fdc81f3483956aefda85ca4bdb7b1604d68cf5709932eb26c95b435bce500811dd3e8558596fca87139aa
-
SSDEEP
24576:U2G/nvxW3Ww0tU5oiFd+IZhV5UVdoWpcCQD/nxsRGIE0Fc3q7UEE:UbA30U5oiZGV+5TD6RJFs8a
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-