General
-
Target
f9de98bb8b3a6918df525169f13fdb4f2a0389025b2d39c33c129c4c877cc356.exe
-
Size
2.0MB
-
Sample
250114-dyh4waxqal
-
MD5
b1ee79054f4b22b3288337c0d0a70619
-
SHA1
0cbe1c16fc78a1fc15974e2b452fd6a20011571a
-
SHA256
f9de98bb8b3a6918df525169f13fdb4f2a0389025b2d39c33c129c4c877cc356
-
SHA512
4961a2bb7ce3148388f43fcb2ee001745c9b5bad575ce4f704d0affd63df3ec858ef039c5099d38bd827bbd2a05d57e4ac2162040ac785d9289bb2b9e2a68335
-
SSDEEP
24576:U2G/nvxW3Ww0t042y0hlXx+FY8ghJwOvPBE4oL1agNTUL/5aH/abU:UbA30db0hogRBaDGTU
Behavioral task
behavioral1
Sample
f9de98bb8b3a6918df525169f13fdb4f2a0389025b2d39c33c129c4c877cc356.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f9de98bb8b3a6918df525169f13fdb4f2a0389025b2d39c33c129c4c877cc356.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
f9de98bb8b3a6918df525169f13fdb4f2a0389025b2d39c33c129c4c877cc356.exe
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-