blackbasta | 2024-12-19_9f28f87be2197981d2e32009a91093d5_darkside_hawkeye_luca-stealer | Triage

Sharing

General

Target

2024-12-19_9f28f87be2197981d2e32009a91093d5_darkside_hawkeye_luca-stealer
Size

13.6MB
MD5

9f28f87be2197981d2e32009a91093d5
SHA1

c6d37a32e08c244ca866d3250ae1ddb0aa1a81e6
SHA256

d905781d05edf7deb91f595b96efa5a5f6a55d693305da5161db32989f8d2d9b
SHA512

0fb502a720d6e110b2e1195b793fad05713701fcd49f89d4f49ccd0b21e30948d145356f4d8108d8acf7566ef0503889167d4ddb4c275ec23e5b98c7dc85e8ef
SSDEEP

98304:+Lu1TIRtUOV5ZQ+5jZArLu1OWWqXpy05Q4BN2IJjscn:+TRtBYk405Q03FP

Score

10^/10

blackbasta pandastealer blackmatter

Malware Config

Extracted

Family

blackmatter

Version

34.215

Signatures

Black Basta payload 1 IoCs

resource	yara_rule
sample	family_blackbasta

Blackbasta family
blackbasta
Blackmatter family
blackmatter

Panda Stealer payload 1 IoCs

resource	yara_rule
sample	family_pandastealer

Pandastealer family
pandastealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-12-19_9f28f87be2197981d2e32009a91093d5_darkside_hawkeye_luca-stealer

Files

2024-12-19_9f28f87be2197981d2e32009a91093d5_darkside_hawkeye_luca-stealer
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\sd\Documents\SharpDevelop Projects\VirusMSILNominatusStorm\VirusMSILNominatusStorm\obj\Debug\VirusMSILNominatusStorm.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ