d81ca689ec0b219abe2d12b2bc7d6eb1a0c76d8d3fda3ebb58a7bae3061ea200

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2025, 06:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-27_03aa0a86fe8a404ead2373364966ded0_amadey_avoslocker_black-basta_cobalt-strike_luca-stealer.exe
Size

272KB
MD5

03aa0a86fe8a404ead2373364966ded0
SHA1

5b1889c3281e0f011333f8f041559490fad1066d
SHA256

d81ca689ec0b219abe2d12b2bc7d6eb1a0c76d8d3fda3ebb58a7bae3061ea200
SHA512

545cdc12c5ce65df683b8aa496d8b5ae8fd55b681ca7c6e2b687af672e58dd7353c7f5537636c33dc3a08943319e3b786ba49808dac30b4cd19732463d234174
SSDEEP

6144:HMfmQsWFETIG0upECyQTRj9gced0OcO8r27KyODmPZXAf1uytixeqxF:HMfmQshyQTzgced0w8rEKyOkAf1uyti/

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-03-27_03aa0a86fe8a404ead2373364966ded0_amadey_avoslocker_black-basta_cobalt-strike_luca-stealer.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	2025-03-27_03aa0a86fe8a404ead2373364966ded0_amadey_avoslocker_black-basta_cobalt-strike_luca-stealer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	2025-03-27_03aa0a86fe8a404ead2373364966ded0_amadey_avoslocker_black-basta_cobalt-strike_luca-stealer.exe

C:\Users\Admin\AppData\Local\Temp\2025-03-27_03aa0a86fe8a404ead2373364966ded0_amadey_avoslocker_black-basta_cobalt-strike_luca-stealer.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-27_03aa0a86fe8a404ead2373364966ded0_amadey_avoslocker_black-basta_cobalt-strike_luca-stealer.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\iTyHCfLSOCvuT\HIspeGbIxSf.zip

Filesize
377KB

MD5
8a027e34ffd9254affa04a061dd98fa8

SHA1
278537192d88c494526ec4702b36119d0b0a524f

SHA256
04a54557a7557abfa04a2a319f60c62498ec9eba21eae37f11c12b4ba7bd86bb

SHA512
a7b38601459d66898991f356bb619c19816ed9c6a42a4d14e01ee06e363a67a9af778d00e6d8a7f9170640af0c62e6674dbcb4157c740b7fcb09ca7fe2f53b97

Download Submit
C:\Users\Admin\AppData\Local\Temp\iTyHCfLSOCvuT\_Files\_Files\FindReceive.txt

Filesize
327KB

MD5
ce1f1db28cbc469a92276b572b419bcf

SHA1
d7f7d991a53a332a040004e6f99f05e723a086aa

SHA256
3a4349c8550d5d6eecf53896aa2675ae10367f9810eb769e0e927efad0132922

SHA512
7306fed5eaf59bfc8855eae248c1d320ddf8796f93bf813621a8c500affa899fca5c734da267940bf6d6324cdea13cab99dbc0eef648645365af3051bfeb6cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\iTyHCfLSOCvuT\_Files\_Information.txt

Filesize
3KB

MD5
b1b3b32d8f861073682944a525a184d8

SHA1
933197141fcaf9ff4953c717468f48aa49f868d3

SHA256
cb0c1328e1b16711d3d1bbcd83689df6cba1a398a3ee861999e0c95cce46562d

SHA512
04a6665ef187113c1a8a002a22031da6777c8e83d2fc140825f7d59cc48f395398bd5452d758c7df6870aa2ad4f3ace446a9c8be41e8f775190fd6a4b2eecb77

Download Submit
C:\Users\Admin\AppData\Local\Temp\iTyHCfLSOCvuT\_Files\_Information.txt

Filesize
8KB

MD5
82e2c5e8f3e207f225510a36ed300f7d

SHA1
608679ee46ed29e1dcbe7cb583afbb8f8226817c

SHA256
f9ab1f6725158e8f3d49f616ec8f355d1842246213dccca63ecb0e88deecf116

SHA512
1378fb41d2a6148b7c23d16758dfddf543bd379ad91498571c61e76b503b16d8aa20149b1f12e477ab3f78bd5fd64236795ece125992e17f6a0c5f367c56d0f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\iTyHCfLSOCvuT\_Files\_Screen_Desktop.jpeg

Filesize
55KB

MD5
949d470d0abebd309535ae70b75a7747

SHA1
febd17ad11421c1fc5859c2f51f373bc950b9f36

SHA256
979386c4793c5ca092e9fe5a174fef949e3cd53649ec344a28b71f404318a015

SHA512
c057297d835e88922ceab48a4ef1b2f4c95fe77429474e42e128daaf9557885e27da98eb5294061f317fb4db0c93c6b1723adf77eea27abb2d97dff4c5db36fe

Download Submit