General

  • Target

    2025-07-04_5bb3aba2d2ec68c81d2cee27e5cd021b_black-basta_chapak_cova_cryptbot_darkgate_dcrat_elex_hawkeye_luca-stealer

  • Size

    1.6MB

  • Sample

    250704-nntsqsdn4x

  • MD5

    5bb3aba2d2ec68c81d2cee27e5cd021b

  • SHA1

    9f0de4d49ed066a9f3aaa7f50ae9efffae968013

  • SHA256

    dca9f79ee91afd62b1f113d8dcd96cc95b56fc98099afb31749dbd0393fab558

  • SHA512

    a2de78824c6310b2f7e2a7793b7d9703ceae819f3366629d02fd9e27cc256e7d00a2bbf5c12f103f96e5f83e7d6ef8b9be47025e16e718e4e130977826f3a200

  • SSDEEP

    24576:u2G/nvxW3WieCJzOHXG6DO0H1iq7cUa/fU+awWr4DshhxpQR8g49r/o:ubA3jJz4192fUdwiSshLpQRYhA

Malware Config

Targets

    • DcRat

      DarkCrystal (DC) is a .NET RAT, active since June 2019, that is capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates that the parent process was compromised via an exploit or a malicious macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v16

Tasks