General

  • Target

    2024-12-19_9f28f87be2197981d2e32009a91093d5_darkside_hawkeye_luca-stealer

  • Size

    13.6MB

  • Sample

    241219-3szxwatldy

  • MD5

    9f28f87be2197981d2e32009a91093d5

  • SHA1

    c6d37a32e08c244ca866d3250ae1ddb0aa1a81e6

  • SHA256

    d905781d05edf7deb91f595b96efa5a5f6a55d693305da5161db32989f8d2d9b

  • SHA512

    0fb502a720d6e110b2e1195b793fad05713701fcd49f89d4f49ccd0b21e30948d145356f4d8108d8acf7566ef0503889167d4ddb4c275ec23e5b98c7dc85e8ef

  • SSDEEP

    98304:+Lu1TIRtUOV5ZQ+5jZArLu1OWWqXpy05Q4BN2IJjscn:+TRtBYk405Q03FP
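Before doing anything with a copy of this sample, confirm that the file on disk is the one the report describes. The following script is an added example (not part of the report or the sandbox's tooling): it streams a file once through MD5, SHA1, SHA256 and SHA512 and returns which algorithms disagree with the values listed above. The SSDEEP hash is not checked because fuzzy hashing is not in the Python standard library; the sample data in the test is constructed.

```python
import hashlib

# Hash values exactly as listed in the report above.
REPORT_HASHES = {
    "md5": "9f28f87be2197981d2e32009a91093d5",
    "sha1": "c6d37a32e08c244ca866d3250ae1ddb0aa1a81e6",
    "sha256": "d905781d05edf7deb91f595b96efa5a5f6a55d693305da5161db32989f8d2d9b",
    "sha512": "0fb502a720d6e110b2e1195b793fad05713701fcd49f89d4f49ccd0b21e30948"
              "d145356f4d8108d8acf7566ef0503889167d4ddb4c275ec23e5b98c7dc85e8ef",
}


def _feed(chunks):
    """Feed every chunk to all four digests so the file is read only once."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Digest an in-memory byte string (used for the constructed test input)."""
    return _feed([data])


def digest_file(path, chunk_size=1 << 20):
    """Digest a file on disk in 1 MiB chunks; a 13.6MB sample is streamed, not loaded whole."""
    with open(path, "rb") as fh:
        return _feed(iter(lambda: fh.read(chunk_size), b""))


def compare(actual, expected):
    """Return the sorted names of algorithms whose digest disagrees; [] means a full match."""
    return sorted(
        name for name, want in expected.items()
        if actual.get(name, "").lower() != want.lower()
    )


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 2:
        sys.exit("usage: verify_sample.py <path-to-sample>")
    mismatched = compare(digest_file(sys.argv[1]), REPORT_HASHES)
    print("MATCH" if not mismatched else "MISMATCH on: " + ", ".join(mismatched))
```

Run it against the downloaded sample; anything other than `MATCH` means you are not looking at the file the report analysed (re-archived, truncated, or a different build).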

Malware Config

Extracted

  • Family

    blackmatter

  • Version

    34.215

Targets

    • Target

      2024-12-19_9f28f87be2197981d2e32009a91093d5_darkside_hawkeye_luca-stealer

    • Size

      13.6MB

    • MD5

      9f28f87be2197981d2e32009a91093d5

    • SHA1

      c6d37a32e08c244ca866d3250ae1ddb0aa1a81e6

    • SHA256

      d905781d05edf7deb91f595b96efa5a5f6a55d693305da5161db32989f8d2d9b

    • SHA512

      0fb502a720d6e110b2e1195b793fad05713701fcd49f89d4f49ccd0b21e30948d145356f4d8108d8acf7566ef0503889167d4ddb4c275ec23e5b98c7dc85e8ef

    • SSDEEP

      98304:+Lu1TIRtUOV5ZQ+5jZArLu1OWWqXpy05Q4BN2IJjscn:+TRtBYk405Q03FP

    • Black Basta

      A ransomware family targeting Windows and VMware ESXi hosts, first seen in February 2022.

    • Black Basta payload

    • Blackbasta family

    • Panda Stealer payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

    • Pandastealer family

    • Deletes shadow copies

      Ransomware commonly deletes Volume Shadow Copies (for example via vssadmin or WMI) and other backups to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check to avoid running on systems in certain regions.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
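The behavioural signatures above are what an analyst would want to re-detect in their own endpoint telemetry. The following is an added example, not part of the report or the sandbox: a small rule set that maps each signature to a predicate over Sysmon-style events (process creation, file and registry operations) and returns the matches. The events are constructed for the demonstration, not telemetry from this sample's run, and the ATT&CK technique IDs are the editor's mapping of each signature, not the report's.

```python
import re

# Constructed Sysmon-style events (hypothetical; not telemetry from the report's run).
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"type": "process", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic shadowcopy delete"},
    {"type": "registry", "op": "read",
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"type": "file", "op": "create",
     "path": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk"},
    {"type": "file", "op": "read",
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file", "op": "create", "path": r"E:\autorun.inf"},
    {"type": "process", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe readme.txt"},  # benign control event, must not match
]

# Shadow-copy deletion via vssadmin, wmic, or the WMI class used from PowerShell.
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete|Win32_ShadowCopy",
    re.I)
# Registry locations holding the configured country / language (geofence lookups).
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$|\\Nls\\Language$", re.I)
# Any file written directly into a user's Startup folder.
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.I)
# Credential / cookie stores of Chromium- and Firefox-based browsers.
BROWSER_DATA = re.compile(
    r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db|places\.sqlite)$", re.I)
AUTORUN_INF = re.compile(r"(^|\\)autorun\.inf$", re.I)


def _proc(ev, rx):
    return ev["type"] == "process" and bool(rx.search(ev["cmdline"]))


def _file(ev, rx, ops):
    return ev["type"] == "file" and ev["op"] in ops and bool(rx.search(ev["path"]))


def _reg_read(ev, rx):
    return ev["type"] == "registry" and ev["op"] == "read" and bool(rx.search(ev["key"]))


# (signature name as in the report, ATT&CK technique (editor's mapping), predicate)
RULES = [
    ("Deletes shadow copies", "T1490", lambda e: _proc(e, SHADOW_DELETE)),
    ("Checks computer location settings", "T1614", lambda e: _reg_read(e, GEO_KEY)),
    ("Drops startup file", "T1547.001", lambda e: _file(e, STARTUP_DIR, {"create", "write"})),
    ("Reads user/profile data of web browsers", "T1555.003",
     lambda e: _file(e, BROWSER_DATA, {"read", "open"})),
    ("Drops autorun.inf file", "T1091", lambda e: _file(e, AUTORUN_INF, {"create", "write"})),
]


def triage(events):
    """Return one finding per (rule, event) pair that matches."""
    findings = []
    for idx, ev in enumerate(events):
        for name, technique, pred in RULES:
            if pred(ev):
                findings.append({"signature": name, "technique": technique, "event": idx})
    return findings


def matched_signatures(events):
    """Distinct signature names that fired, sorted, for comparison with the report."""
    return sorted({f["signature"] for f in triage(events)})


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f['technique']}] {f['signature']} (event #{f['event']})")
```

Each rule keys on the event type first, so a registry read can never trip a command-line rule and vice versa; the benign notepad event is there to confirm that. Feeding real Sysmon events means mapping EventID 1 (process), 11 (file create) and 12/13 (registry) onto the same three dictionary shapes.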

MITRE ATT&CK Enterprise v15
