General
-
Target
96a676b5a46cd2272459d16c6ba3bacb0c8d3f47059aeb08a94cefd2c9fa3f29
-
Size
1.0MB
-
Sample
241209-s2q18axlhr
-
MD5
7b4ad4dbf6e4580b8f8c77b4cee261c3
-
SHA1
a0ec2acea793dda997a3dfa1c869c66a3122341f
-
SHA256
96a676b5a46cd2272459d16c6ba3bacb0c8d3f47059aeb08a94cefd2c9fa3f29
-
SHA512
3349cad638cf58a3c15b7a16df797b15dc528dc181d5133b654312d8155a3dcaa2b239abfb44d55b0d5ef11f932da15683275f36052ee7ade43c390b04a2bf00
-
SSDEEP
24576:a9yzNBe14PPPDj5pGSZb1iUyJxuxqH1jznDyLyF8pb5RG846Eg4Pi9:he1UPpp/1iVJxuxk1neLyQOp6ErPM
Static task
static1
Behavioral task
behavioral1
Sample
96a676b5a46cd2272459d16c6ba3bacb0c8d3f47059aeb08a94cefd2c9fa3f29.exe
Resource
win7-20241010-en
Malware Config
Targets
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Dcrat family
-
DCRat payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores 1
Credentials from Web Browsers 1
Unsecured Credentials 1
Credentials In Files 1