General
-
Target
f6e8ad2f79264f067063144585dd8840a8ae0768c4f7f68edcda045ad3bee1c6.exe
-
Size
885KB
-
Sample
250327-xta29awzcs
-
MD5
63fa59f7c83ec1df2eac00cc85696830
-
SHA1
799e9ea365e4ad95c05d21e275e72438882ad776
-
SHA256
f6e8ad2f79264f067063144585dd8840a8ae0768c4f7f68edcda045ad3bee1c6
-
SHA512
0fc737e68a46d1af83e99b67f066b94bbfaad74bbeeeb183fda33337576fdca3c00fc894706bcfd75d74f0a6432982955a1fdba84fd13252413402c3aa9017d3
-
SSDEEP
12288:0lNE5VnZuh+ZIlXJBH5SP2I/lwvDT77/wOKsV42i3GULVaHeopyyx:0lNCv6XJ5BClaXfD9vUha+u
Behavioral task
behavioral1
Sample
f6e8ad2f79264f067063144585dd8840a8ae0768c4f7f68edcda045ad3bee1c6.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f6e8ad2f79264f067063144585dd8840a8ae0768c4f7f68edcda045ad3bee1c6.exe
Resource
win10v2004-20250314-en
Malware Config
Targets
-
Target
f6e8ad2f79264f067063144585dd8840a8ae0768c4f7f68edcda045ad3bee1c6.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-