General
-
Target
2025-03-29_15f181bae69d26256dc5edabadee501b_bitrat_black-basta_coinminer_luca-stealer
-
Size
7.8MB
-
Sample
250329-psysxsvlw3
-
MD5
15f181bae69d26256dc5edabadee501b
-
SHA1
4f0c66730cc6bf7cd5e0cc6be158fb5c52cbe31a
-
SHA256
bca959282bb07c49176f8cf7d97259c186ae0034c5ddf42710a2027046ace26d
-
SHA512
216c3bc5d977ee0e05cfcd2fafd3fb2f1a61c35f915c7a233d02643b07a47c7e6cedba9a1c531291b24bae0c67544e9218785fa01151d0a1e423d19cae2854ae
-
SSDEEP
196608:CWx+Kdiqx6F9bxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOfTV4:CWxVdiXNxwZ6v1CPwDv3uFteg2EeJUOf
Behavioral task
behavioral1
Sample
2025-03-29_15f181bae69d26256dc5edabadee501b_bitrat_black-basta_coinminer_luca-stealer.exe
Resource
win7-20240903-en
Malware Config
Targets
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-