General
-
Target
0ce55de539370fb98b263adacdc9122b.bin
-
Size
415KB
-
Sample
240630-bgxjts1dpe
-
MD5
2e1df484d6d83258941d0b5a4449c339
-
SHA1
6da94b974b9f9342ba9189d32538ed72820aa008
-
SHA256
0c26765819873ecc47ff2ac8030f6bf77bf9a5dbefe47ad2d34f4db4d01f862e
-
SHA512
c042616a8b81851498b02b3cf509b83520fd84d91099b79945c36d5ba77d3c007e98cfc1edbda32b102524f933ff9a18ba8453f0eea2ec3dad5a11e1ebf37982
-
SSDEEP
6144:tUOLf/V0mH/6M5z1GiPNjrXnQdS/Ju/gYAZyYPBIpqlxv31Chg3m/ySZ6ln9m:tUO3N5BG+5rXnQKKgYA3hlfvMZ6M
Malware Config
Targets
-
-
Target
fe20286db492e192672c31c79ef6808d9e33601b4fbf4c61ad1aeab5ba3b6b93.exe
-
Size
827KB
-
MD5
0ce55de539370fb98b263adacdc9122b
-
SHA1
b8026e369d6f413a8ac5dedae454a3b76a0eea32
-
SHA256
fe20286db492e192672c31c79ef6808d9e33601b4fbf4c61ad1aeab5ba3b6b93
-
SHA512
5d9936e3f5035483017c33a1c91fc2bbc55ca7aa5e12d9830f8b8c8ae89b4558ff125ac0d6c5075a0420df771f8c561ef44df1e0dd97494face58f18c8af0ff0
-
SSDEEP
12288:lDovvsS4DTVWIFpHD5u6IYFN9zQDgaOUJ69y2Lbzch6LdN:pWvsS4PFpHDE6IpjOypCaG
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-