General

  • Target

    2025-05-20_363dd981861071e2a61dcd68f9debb42_amadey_black-basta_cova_cryptbot_dcrat_elex_luca-stealer

  • Size

    2.2MB

  • Sample

    250520-e6ks4stqx5

  • MD5

    363dd981861071e2a61dcd68f9debb42

  • SHA1

    7ff269b21c0440dcab257a257499202e442ebf3a

  • SHA256

    412d4110033eac44536989b003cd32bedad9edd02fa423a576e8a01eabc70d26

  • SHA512

    ae270459aab8ac23042b472b1b26776f2ef7d1fd8544a003a106b3f948b74036aca571cc292bfbc7ed141700b5766597be84febe87ecf9d864405827e0e0466f

  • SSDEEP

    24576:5TbBv5rUBZzrCJVGQ86n+9Jf3034WNRm+Sp2ZNY3XuzJwR/HNLVWT8rh2AKvdrlx:zB6F2CQ4f0Iqm+SpwPzJKLU8ARBlMW

Malware Config

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v16

Tasks
