General
-
Target
2025-03-27_00cfd720e47a438bb447d391ee600ac7_black-basta_luca-stealer
-
Size
6.6MB
-
Sample
250327-eztgnszjt9
-
MD5
00cfd720e47a438bb447d391ee600ac7
-
SHA1
5852dfaca31fcbce09d833ba9f8f1d249e1fbc34
-
SHA256
b082402c085102b72cb8493a86a640311ada2c4aeff81bba9e290b51372e2c78
-
SHA512
1089a57b32cf25921814f2e83add8ed1de9467d09eca125cccbfb0e2c575465ba74d1f39b101679403482b817ccb778a85b69b876d1f8ab219f284227901d6f4
-
SSDEEP
196608:eAqjTpnhXlmyWCZNulPKQ8hY/Bkr/fOIT/+VdlBFKazX:kfauN/HYOSIT/EVF9j
Malware Config
Targets
-
-
Target
2025-03-27_00cfd720e47a438bb447d391ee600ac7_black-basta_luca-stealer
-
Size
6.6MB
-
MD5
00cfd720e47a438bb447d391ee600ac7
-
SHA1
5852dfaca31fcbce09d833ba9f8f1d249e1fbc34
-
SHA256
b082402c085102b72cb8493a86a640311ada2c4aeff81bba9e290b51372e2c78
-
SHA512
1089a57b32cf25921814f2e83add8ed1de9467d09eca125cccbfb0e2c575465ba74d1f39b101679403482b817ccb778a85b69b876d1f8ab219f284227901d6f4
-
SSDEEP
196608:eAqjTpnhXlmyWCZNulPKQ8hY/Bkr/fOIT/+VdlBFKazX:kfauN/HYOSIT/EVF9j
Score10/10-
Beapy
Beapy is a python worm with crypto mining capabilities.
-
Beapy family
-
Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
-
Mimikatz family
-
Contacts a large (9653) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
mimikatz is an open source tool to dump credentials on Windows
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Indicator Removal: Clear Persistence
Clear artifacts associated with previously established persistence like scheduletasks on a host.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Scheduled Task/Job
1Scheduled Task
1Persistence
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Indicator Removal
1Clear Persistence
1