General
-
Target
2025-05-20_363dd981861071e2a61dcd68f9debb42_amadey_black-basta_cova_cryptbot_dcrat_elex_luca-stealer
-
Size
2.2MB
-
Sample
250520-e6ks4stqx5
-
MD5
363dd981861071e2a61dcd68f9debb42
-
SHA1
7ff269b21c0440dcab257a257499202e442ebf3a
-
SHA256
412d4110033eac44536989b003cd32bedad9edd02fa423a576e8a01eabc70d26
-
SHA512
ae270459aab8ac23042b472b1b26776f2ef7d1fd8544a003a106b3f948b74036aca571cc292bfbc7ed141700b5766597be84febe87ecf9d864405827e0e0466f
-
SSDEEP
24576:5TbBv5rUBZzrCJVGQ86n+9Jf3034WNRm+Sp2ZNY3XuzJwR/HNLVWT8rh2AKvdrlx:zB6F2CQ4f0Iqm+SpwPzJKLU8ARBlMW
Static task
static1
Behavioral task
behavioral1
Sample
2025-05-20_363dd981861071e2a61dcd68f9debb42_amadey_black-basta_cova_cryptbot_dcrat_elex_luca-stealer.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
2025-05-20_363dd981861071e2a61dcd68f9debb42_amadey_black-basta_cova_cryptbot_dcrat_elex_luca-stealer.exe
Resource
win11-20250502-en
Malware Config
Targets
Target
2025-05-20_363dd981861071e2a61dcd68f9debb42_amadey_black-basta_cova_cryptbot_dcrat_elex_luca-stealer
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-