General
-
Target
90e289ec47b4928d52b7112812a02814.exe
-
Size
1.2MB
-
Sample
250207-wbv42asjem
-
MD5
90e289ec47b4928d52b7112812a02814
-
SHA1
f557de05746d7c22664c5919269c4ba508633887
-
SHA256
dd16f7cc4746193b2976567db0d2d584a5027ee7a84532a0d937b55ab1a6b8a6
-
SHA512
214400ce98489b7ca011b12aca9c85a12d15f774d4a12c2c42d0a8203db4104b6d12f5c3b02ba269b1a719ffcd75e0c85c347248e3384f6bc39ec553bb89bba2
-
SSDEEP
24576:qzQllN3bTfSMnKX/gdJ9FMdoV2LQB9adKOVSpKKoCPD:vtzaCBUdKUSpKde
Malware Config
Targets
-
-
Target
90e289ec47b4928d52b7112812a02814.exe
-
Size
1.2MB
-
MD5
90e289ec47b4928d52b7112812a02814
-
SHA1
f557de05746d7c22664c5919269c4ba508633887
-
SHA256
dd16f7cc4746193b2976567db0d2d584a5027ee7a84532a0d937b55ab1a6b8a6
-
SHA512
214400ce98489b7ca011b12aca9c85a12d15f774d4a12c2c42d0a8203db4104b6d12f5c3b02ba269b1a719ffcd75e0c85c347248e3384f6bc39ec553bb89bba2
-
SSDEEP
24576:qzQllN3bTfSMnKX/gdJ9FMdoV2LQB9adKOVSpKKoCPD:vtzaCBUdKUSpKde
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-