General
-
Target
69ff8a0bc37e646c87c138131da225d134464a806fea55d265ee5813756340d7.exe
-
Size
828KB
-
Sample
241222-cjvnpaypbz
-
MD5
c6b30f794dcf67851d13e3335ef57088
-
SHA1
e97b575fc270d97d1e2df38291fd44dc70ff95ab
-
SHA256
69ff8a0bc37e646c87c138131da225d134464a806fea55d265ee5813756340d7
-
SHA512
28dc37c57408fa9e6e3a14a99d602e6c0f937e259f21eefd016424d03d40066e6b518c9b0bcbae8039c1691ce43ba8803c568ad69df163938e4ff2235c55188b
-
SSDEEP
12288:K5jHYVjmobNqsKDsSvjbHQVtVZJizDxRxhDsGALvbI6bnY6a2Xuk:1b4sKDZUZJuR/ALvbLnY8Xuk
Behavioral task
behavioral1
Sample
69ff8a0bc37e646c87c138131da225d134464a806fea55d265ee5813756340d7.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
69ff8a0bc37e646c87c138131da225d134464a806fea55d265ee5813756340d7.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
69ff8a0bc37e646c87c138131da225d134464a806fea55d265ee5813756340d7.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-