Resubmissions

  • 29/03/2025, 12:48: 250329-p16hqsttbw (score 10)

  • 29/03/2025, 09:47: 250329-lsnfea1ses (score 10)

General

  • Target

    2025-03-29_5ec95a42b16d80c72d17cc6d0bac58de_agent-tesla_black-basta_cobalt-strike_luca-stealer

  • Size

    938KB

  • Sample

    250329-p16hqsttbw

  • MD5

    5ec95a42b16d80c72d17cc6d0bac58de

  • SHA1

    9cfd9221606e1acfef1ea5f6f4bf88080822d5db

  • SHA256

    f3d7546937b4791736e3f2182526a0ac22d47060cce53c4ab8e439b65742127b

  • SHA512

    ca64237e9b54295b3162e26808d6c9acbef0640a996534425e21898b456e5117142bfe4d30473d2573ef42d08f0a85475d1cab63153e7b1b573011f67f735f0b

  • SSDEEP

    24576:dqDEvCTbMWu7rQYlBQcBiT6rprG8a0Xu:dTvC/MTQYxsWR7a0X

Score
10/10

Malware Config

Extracted

  • Language: ps1

  • Deobfuscated

  • URLs

      exe.dropper: http://176.113.115.7/mine/random.exe

Targets

    • Target

      2025-03-29_5ec95a42b16d80c72d17cc6d0bac58de_agent-tesla_black-basta_cobalt-strike_luca-stealer

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with a hidden display window.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

MITRE ATT&CK Enterprise v15

Tasks