General
-
Target
75efabc3056a03a80af5f744f2c7f616.bin
-
Size
416KB
-
Sample
240701-cq7xlatama
-
MD5
e18a0255d46a15f070d946558d7a7e02
-
SHA1
6f3368e206f5f04378090173282e42a8c6f51781
-
SHA256
503f68ee6b9cb184e1dad186bb3f7e200a97b0ebd56de4a2bdd7e78d6c10e3aa
-
SHA512
93e0f7a4456220addd290c317a531267e4187664ade4308a88d79288d4d86c1775db83d06e15c08e3ba67604005659f94bb9272403090699e53ebe3921e90e45
-
SSDEEP
6144:qTglhfCZejLaR6ZzuO6+8yRaBnU1bcYK2Zrr2SyI4ODk/TuPALhbPMPFBE1FxQNT:7J6CLyC6+NKnkh2XwDwTuoLeiQ86jh
Malware Config
Targets
-
-
Target
249009648a4e88d2cd0fb5e595c911e5dca3ec1d70252981554ab0331800cb92.exe
-
Size
829KB
-
MD5
75efabc3056a03a80af5f744f2c7f616
-
SHA1
8c8d4b0dd3b3f3cafcc55841431a3f56be29c47f
-
SHA256
249009648a4e88d2cd0fb5e595c911e5dca3ec1d70252981554ab0331800cb92
-
SHA512
e552ed4b4a06e4daf004832153e1904e6ad19be127bfdb479f0688a5ae7425618ffac17c9a686971b72beb8a46f48c57fc6a628b6a4302d00a9c1650fa12c798
-
SSDEEP
12288:PEyrEZFe6JTVqa28z0SOGBslmJrZpUpazI5Izpbpwvr2/QJVKOEpiu:s7e6JTVXaGu2M5IzNpwS/QJVKO4
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-