General
-
Target
Source.exe
-
Size
1.2MB
-
Sample
250202-w2m64swkdn
-
MD5
6179f45e49ae7257c1fb5859dc119f73
-
SHA1
14b8a63e92e4d9254a3949f841631b96f5eaa590
-
SHA256
7dc826deb7225c544091b7a33f6e9093617941d90fba7c5b5057ff97e231270f
-
SHA512
6f492fa5a1c7ba28c269355f80e316db05186ffd9ed28c72b1ce911cb8f46a10049fcfd09008ee99996194f4d154eb46e8b7af98c31db98a4a3690397a46b519
-
SSDEEP
24576:CoJOLUTJcMfM2kO9shrYgTnwxznA1sUo1sUa2hZU6EmC3Fp39zZF35:7BnLUDUZi6EZFbVb
Malware Config
Targets
-
-
Target
Source.exe
-
Size
1.2MB
-
MD5
6179f45e49ae7257c1fb5859dc119f73
-
SHA1
14b8a63e92e4d9254a3949f841631b96f5eaa590
-
SHA256
7dc826deb7225c544091b7a33f6e9093617941d90fba7c5b5057ff97e231270f
-
SHA512
6f492fa5a1c7ba28c269355f80e316db05186ffd9ed28c72b1ce911cb8f46a10049fcfd09008ee99996194f4d154eb46e8b7af98c31db98a4a3690397a46b519
-
SSDEEP
24576:CoJOLUTJcMfM2kO9shrYgTnwxznA1sUo1sUa2hZU6EmC3Fp39zZF35:7BnLUDUZi6EZFbVb
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-