Extracted

• • Target

    2024-12-19_9f28f87be2197981d2e32009a91093d5_darkside_hawkeye_luca-stealer

  • Size

    13.6MB

  • MD5

    9f28f87be2197981d2e32009a91093d5

  • SHA1

    c6d37a32e08c244ca866d3250ae1ddb0aa1a81e6

  • SHA256

    d905781d05edf7deb91f595b96efa5a5f6a55d693305da5161db32989f8d2d9b

  • SHA512

    0fb502a720d6e110b2e1195b793fad05713701fcd49f89d4f49ccd0b21e30948d145356f4d8108d8acf7566ef0503889167d4ddb4c275ec23e5b98c7dc85e8ef

  • SSDEEP

    98304:+Lu1TIRtUOV5ZQ+5jZArLu1OWWqXpy05Q4BN2IJjscn:+TRtBYk405Q03FP

  Score

  10^/10

  blackbastapandastealerdefense_evasiondiscoveryexecutionimpactransomwarespywarestealer

  • Black Basta

    A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    ransomwareblackbasta

  • Black Basta payload

  • Blackbasta family

    blackbasta

  • Panda Stealer payload

  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

    stealerpandastealer

  • Pandastealer family

    pandastealer

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  behavioral1behavioral2