General
-
Target
0525b7e6060d595fa110a4f468a021a8.exe
-
Size
1.8MB
-
Sample
250125-3y1rcswpep
-
MD5
0525b7e6060d595fa110a4f468a021a8
-
SHA1
cdd9e1dd4b69ba4917741496f7b9c5d24f76e13b
-
SHA256
217c37e7c32187616ece92b2a79d53b7bbdcdddb4fd34defaf3a1a59e5f641c2
-
SHA512
a2e841cc5b57d4397393fdc2c225e5efbef00d991e955955aa8ffd75721acf8724bf1e1bbb502e3e07681adf4fd265718141ca2e4d92372dcc7c96d338fc2b5f
-
SSDEEP
49152:bBIqIVwuuaS/hq15Q4B6wq8QsNly9yi5PV3/a:lyiuuaHAw/9Ly9f5PJC
Static task
static1
Behavioral task
behavioral1
Sample
0525b7e6060d595fa110a4f468a021a8.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0525b7e6060d595fa110a4f468a021a8.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
0525b7e6060d595fa110a4f468a021a8.exe
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-