General

  • Target

    2025-05-20_0f671990636dfc5e353347b543f4ffca_amadey_black-basta_cova_cryptbot_dcrat_elex_luca-stealer

  • Size

    2.1MB

  • Sample

    250520-e4rtmstqv9

  • MD5

    0f671990636dfc5e353347b543f4ffca

  • SHA1

    4e4b8a9833f6117cb7ace7cccc3bab32141f4c40

  • SHA256

    7d70f1f154c7a7bdcfe818cadd6dd40eaf494be6ddb30f71c2497a060ea957ab

  • SHA512

    51ab3bd5e0981ebbb4c6cf5aa42c9e14d68e0fe76ffae2870cad1c3a951a34668db0c6b6cb4b8f08e5f377836568656ec71689178fbf5a536b31112486428454

  • SSDEEP

    49152:IBJplkHm8ftkpupKDt/eB8ZcBJZwMwuVfteYgCzy:yf2upMqtAvBJZwMwuXASy

Malware Config

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v16

Tasks
