General
-
Target
2025-04-04_f5a8391ab9a526413109128a1524f134_black-basta_cova_luca-stealer
-
Size
2.2MB
-
Sample
250404-j8vtbaszf1
-
MD5
f5a8391ab9a526413109128a1524f134
-
SHA1
6ad323f39914b8e906f00281eb70a92f7c0a0c37
-
SHA256
681004db18c97eaf371b788f51630be4c29560495829c0b75bae1055f208e9d3
-
SHA512
99b7058fc8eb0cc48b8eefdb8618968b8f5190c6db543ee4f1c5e31f9c74b3d92d81cb638d5cbe2daafb83f00bf4f9d9451060aa4752f443dad33192dacccbdc
-
SSDEEP
49152:IBJ4GiOrdde7gQp6MnZkbWDR7s6AsP83RMZlY7r+d:yiX7gS6iZkAY53RMZl3d
Static task
static1
Behavioral task
behavioral1
Sample
2025-04-04_f5a8391ab9a526413109128a1524f134_black-basta_cova_luca-stealer.exe
Resource
win10v2004-20250314-en
Malware Config
Targets
-
-
Target
2025-04-04_f5a8391ab9a526413109128a1524f134_black-basta_cova_luca-stealer
-
Size
2.2MB
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-