General
-
Target
02d4afb627db486201d4700854e390d9.exe
-
Size
2.3MB
-
Sample
250112-yvdp7sxlby
-
MD5
02d4afb627db486201d4700854e390d9
-
SHA1
f63533f82c2a434f9104ccc9beee3216796aeb14
-
SHA256
46cf8f5e46c3dbdd32c5f300f6fd395a7f12c0ec611de9e518bf7312f187590c
-
SHA512
0ccaa408f5e1e3481b413ab07dea2b77540e500097a7ab194f6052161517b2c29214d680e7731b9a39a300edf3b88a3b564f85c8008386099474e82c028109fc
-
SSDEEP
49152:uAHOUI3tHsLi/P025up1V40tz/i4Eq/qo8ychEcMPbVxFAK6E00:uIQ3L/zULV/qWch7MPxxFh6E0
Malware Config
Targets
-
-
Target
02d4afb627db486201d4700854e390d9.exe
-
Size
2.3MB
-
MD5
02d4afb627db486201d4700854e390d9
-
SHA1
f63533f82c2a434f9104ccc9beee3216796aeb14
-
SHA256
46cf8f5e46c3dbdd32c5f300f6fd395a7f12c0ec611de9e518bf7312f187590c
-
SHA512
0ccaa408f5e1e3481b413ab07dea2b77540e500097a7ab194f6052161517b2c29214d680e7731b9a39a300edf3b88a3b564f85c8008386099474e82c028109fc
-
SSDEEP
49152:uAHOUI3tHsLi/P025up1V40tz/i4Eq/qo8ychEcMPbVxFAK6E00:uIQ3L/zULV/qWch7MPxxFh6E0
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-