General
-
Target
52fd5f4ce18c0d8ee4fce41364371d39bf024d3be241cc4f765a6c73cff1d288.exe
-
Size
1.2MB
-
Sample
250203-dvk43aykct
-
MD5
fed24fca9235528a9e0a686ff60b723d
-
SHA1
e497808ca573e7dfd2e4d99d2c085ab9724707e0
-
SHA256
52fd5f4ce18c0d8ee4fce41364371d39bf024d3be241cc4f765a6c73cff1d288
-
SHA512
2c1699f394a6c8708cd13f53e7df631b7548d72bb46b035963044c1f6c73b84ebba1e1adc02fe5f22d2aae31470bc9e61cce623cbdee3682c54b387befb7b999
-
SSDEEP
12288:90b329aw7HMGuBrwRCRa+XplQBuK7hEefjf05gRyC7Z3M6xqPhbqOEJv005vnhJb:98yaw7HMHXRa+y7htfxRr2EgKt0O8C3
Malware Config
Targets
-
-
Target
52fd5f4ce18c0d8ee4fce41364371d39bf024d3be241cc4f765a6c73cff1d288.exe
-
Size
1.2MB
-
MD5
fed24fca9235528a9e0a686ff60b723d
-
SHA1
e497808ca573e7dfd2e4d99d2c085ab9724707e0
-
SHA256
52fd5f4ce18c0d8ee4fce41364371d39bf024d3be241cc4f765a6c73cff1d288
-
SHA512
2c1699f394a6c8708cd13f53e7df631b7548d72bb46b035963044c1f6c73b84ebba1e1adc02fe5f22d2aae31470bc9e61cce623cbdee3682c54b387befb7b999
-
SSDEEP
12288:90b329aw7HMGuBrwRCRa+XplQBuK7hEefjf05gRyC7Z3M6xqPhbqOEJv005vnhJb:98yaw7HMHXRa+y7htfxRr2EgKt0O8C3
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops file in System32 directory
-