General
-
Target
Plague_cheat.com
-
Size
2.8MB
-
Sample
250128-ve6t9svpby
-
MD5
ef5276d0be3e1822ce19bfe693b35423
-
SHA1
cbbbeca8fd851a3382638918c6c9c81051f4f8a2
-
SHA256
e6e55e1293086de3ef5aaed779eb5cc7588407e0d0630ae8a3f663cab9d03225
-
SHA512
dff25e51209757eab339b37c8f41191b5adcdd9b6286dfcf599539a5cb29acdc53003ed291ca1055799440b60422995cecf3eeaeb60c17f0d507189dacbac0f7
-
SSDEEP
49152:5bA3LxZa81vSckW8sGvGXiS04+4ZTNI8rT7x67:5bqasSLsGOynKTW8rS
Malware Config
Targets
-
-
Target
Plague_cheat.com
-
Size
2.8MB
-
MD5
ef5276d0be3e1822ce19bfe693b35423
-
SHA1
cbbbeca8fd851a3382638918c6c9c81051f4f8a2
-
SHA256
e6e55e1293086de3ef5aaed779eb5cc7588407e0d0630ae8a3f663cab9d03225
-
SHA512
dff25e51209757eab339b37c8f41191b5adcdd9b6286dfcf599539a5cb29acdc53003ed291ca1055799440b60422995cecf3eeaeb60c17f0d507189dacbac0f7
-
SSDEEP
49152:5bA3LxZa81vSckW8sGvGXiS04+4ZTNI8rT7x67:5bqasSLsGOynKTW8rS
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-