Malicious

Start (1).exe

PE Executable | MD5: 2cdbe2d9679019e2c6af8510140c1920 | Size: 49.15 KB | application/x-msdownload

RAT
njRat
DcRat
DarkCrystal RAT
Executable
PE (Portable Executable)
Win 32 Exe
x86

Characteristics
Hash | Hash Value
MD5 | 2cdbe2d9679019e2c6af8510140c1920
Sha1 | 54224cce3a9599b0ebde07fc49fab56c33825839
Sha256 | 03c2be86b6cb352ae7afcacac1a5aa1f36d387e19ac68f2e8fca4962fd2d6e56
Sha384 | e13ab234509384b89027f3cb3bfeb7a62e76e7d136c53fb18d1e9eb81b05fd5df2575f3405a415dcf19ca75dd2acd28a
Sha512 | 162f01a99838e87cd630967d6a40835e294dca609b0490ded16e099a74db8f3c58ef5428d62f4b16d1f7e14f051e3ea1ead4e2e6ac20286a65a2b2f265a259de
SSDeep | 768:BZAmcILiCu2Y+biotelDSN+iV08Ybygekb1pCvEgK/J8iVc6KN:BZAt24otKDs4zb1rbankJ8iVclN
TLSH | 78235D4037E88136F2BD4B74ACF2A141867AE2576903CA5D6CC814EA2B13FC596137FE
File Structure
Start (1).exe
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - DcRat config.
Config. Field | Value
Key (AES_256) | ZHI2S2R6U0Rhd3d1WHlaZHpMU3RCM2cwelVSRGtUeEg=
Ports | null
Hosts | null
Version | 1.0.7
Install | true
Install-Folder | %Temp%
Install File | WindowsSecurityHealthService.exe
Mutex | WindowsSecurityH
Certificate |
ServerSignature | LodiAnTcm4in1NuW5TX6W5MSZkLk6/XvCCGr91R20zCUCqKrJYMWojCkcUamvZE68/Pj6sp3FbdSryKaV+3EBVJ3mthI1uGhhCF5HmVpe//Z0Oo6r2BQG0y4uR7lBKFqwe3PajlJfZm77OOFrIpUFs+21ZwaUqf5
Anti-VM | https://pastebin.com/raw/RML1A9P
PasteBin | false
BDOS | 5
Delay | Default
Group | false

Artefacts
Name | Value
Ports | null
CnC | null