General
Target
DCRatBuild.exe
Size
1.5MB
Sample
250119-peywrsxmgq
MD5
c421510c6a46fcf9b10c90672df57670
SHA1
8bd03e0a5c08e1bdce3c89c5cff0c251010f6371
SHA256
c15015876eb1710d01b4b3e624c08018c8d5c01d005b9a483be5edb17aaa709e
SHA512
713bef3c610971b6b3d61ed492b93376fb2932acc328857d5558bdea519f6bebd386ed67744daa3a5d7f0ce635d9dcfb65930b902e6058855c721d165df16b11
SSDEEP
24576:U2G/nvxW3Ww0tk1HW292457Vudtb6tphnwTlD7jL79usS68sRclBkfKWVedo:UbA30k12w5Dbh+lu08LIKWH
Behavioral task
behavioral1
Sample
DCRatBuild.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
DCRatBuild.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
DCRatBuild.exe
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

Dcrat family

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Executes dropped EXE

Loads dropped DLL