General
-
Target
2025-07-04_5bb3aba2d2ec68c81d2cee27e5cd021b_black-basta_chapak_cova_cryptbot_darkgate_dcrat_elex_hawkeye_luca-stealer
-
Size
1.6MB
-
Sample
250704-nntsqsdn4x
-
MD5
5bb3aba2d2ec68c81d2cee27e5cd021b
-
SHA1
9f0de4d49ed066a9f3aaa7f50ae9efffae968013
-
SHA256
dca9f79ee91afd62b1f113d8dcd96cc95b56fc98099afb31749dbd0393fab558
-
SHA512
a2de78824c6310b2f7e2a7793b7d9703ceae819f3366629d02fd9e27cc256e7d00a2bbf5c12f103f96e5f83e7d6ef8b9be47025e16e718e4e130977826f3a200
-
SSDEEP
24576:u2G/nvxW3WieCJzOHXG6DO0H1iq7cUa/fU+awWr4DshhxpQR8g49r/o:ubA3jJz4192fUdwiSshLpQRYhA
Behavioral task
behavioral1
Sample
2025-07-04_5bb3aba2d2ec68c81d2cee27e5cd021b_black-basta_chapak_cova_cryptbot_darkgate_dcrat_elex_hawkeye_luca-stealer.exe
Resource
win10v2004-20250502-en
Malware Config
Targets
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, that can load additional plugins.
-
Dcrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-