Static task
static1
Behavioral task
behavioral1
Sample
2025-03-30_30a2f735e693ca5fcddb3d156411ec2c_amadey_black-basta_luca-stealer_smoke-loader.exe
Resource
win7-20240903-en
General
Target: 2025-03-30_30a2f735e693ca5fcddb3d156411ec2c_amadey_black-basta_luca-stealer_smoke-loader
Size: 1.1MB
MD5: 30a2f735e693ca5fcddb3d156411ec2c
SHA1: aad0887f202adb3e4ad88f5ac1b8d2a436c60f9e
SHA256: e7cce292772be0783439ad3ec16f2a7be14c343a56681cab92fcb90ed8d8cd59
SHA512: 21da43da5a7e4858e0ad8e3527881b8735a0bbc08163fd3fd857e307ee43dfc6fc3dd4770f5aa8fa9469d519c8fb16f36b0a5538255027eaef46174b4f7abc19
SSDEEP: 24576:xTCnLtBb4i6KDlNImvgI/4UxUQ2p56iqnesZK/oYV:xTWBV66XvOQUQ2p5HqnYpV
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 2025-03-30_30a2f735e693ca5fcddb3d156411ec2c_amadey_black-basta_luca-stealer_smoke-loader
Files
2025-03-30_30a2f735e693ca5fcddb3d156411ec2c_amadey_black-basta_luca-stealer_smoke-loader.exe windows:5 windows x86 arch:x86
0e0b54879066da6c1df98f9738257690
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetTempPathW
CopyFileW
ReleaseMutex
CreateMutexW
GetFileSize
ReadFile
GetTickCount
GetSystemDirectoryW
GetVolumeInformationW
FreeLibrary
GetSystemInfo
GetNativeSystemInfo
FormatMessageW
LoadLibraryW
GetVersionExW
RemoveDirectoryW
SetFileAttributesW
MoveFileExW
GlobalAlloc
GlobalFree
TerminateProcess
ReadProcessMemory
CreateProcessW
GetLongPathNameW
GetWindowsDirectoryW
VirtualProtect
SetUnhandledExceptionFilter
GetCurrentThreadId
SetErrorMode
SetLastError
DecodePointer
IsBadReadPtr
DeviceIoControl
OutputDebugStringA
SetPriorityClass
EncodePointer
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileTime
GetModuleFileNameW
GetLocalTime
MultiByteToWideChar
CreateFileW
CreateDirectoryW
WriteFile
DeleteFileW
lstrcpyW
FindNextFileW
FindFirstFileW
FindClose
GetCurrentProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryDosDeviceW
GetModuleHandleW
GetLogicalDriveStringsW
GetCurrentProcessId
LockResource
OpenProcess
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetProcAddress
WritePrivateProfileStringW
lstrlenW
CreateEventW
CloseHandle
Sleep
WaitForSingleObject
SetEvent
GetExitCodeThread
TerminateThread
CreateThread
WideCharToMultiByte
FindResourceExW
FindResourceW
SizeofResource
LoadResource
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
SetEnvironmentVariableA
RaiseException
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetLastError
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LoadLibraryA
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
GetACP
GetModuleHandleExW
ExitProcess
QueryPerformanceFrequency
GetDriveTypeW
LoadLibraryExW
RtlUnwind
ExpandEnvironmentStringsW
PeekNamedPipe
GetStdHandle
GetFileType
WaitForMultipleObjects
GetSystemDirectoryA
SleepEx
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEndOfFile
user32
wsprintfW
wsprintfA
advapi32
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RevertToSelf
OpenProcessToken
RegOpenKeyW
DuplicateTokenEx
LookupAccountSidW
GetTokenInformation
ImpersonateLoggedOnUser
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
RegEnumKeyW
RegQueryValueExW
RegDeleteKeyW
LookupAccountNameW
GetFileSecurityW
SetFileSecurityW
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
InitializeSecurityDescriptor
AddAccessAllowedAce
GetAce
AddAce
GetAclInformation
InitializeAcl
GetLengthSid
EqualSid
RegCloseKey
ole32
CoCreateInstance
CoUninitialize
CoInitialize
shell32
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFolderPathW
shlwapi
PathFileExistsW
SHDeleteKeyW
iphlpapi
GetAdaptersInfo
psapi
GetModuleFileNameExW
EnumProcessModules
GetProcessImageFileNameW
crypt32
CertCloseStore
CryptMsgClose
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CertFindCertificateInStore
CryptMsgGetParam
ws2_32
send
recv
setsockopt
connect
closesocket
WSACleanup
WSAStartup
bind
getpeername
getsockopt
getsockname
ntohs
htons
socket
WSASetLastError
htonl
inet_addr
inet_ntoa
gethostbyaddr
gethostbyname
getservbyport
getservbyname
__WSAFDIsSet
select
recvfrom
sendto
accept
listen
gethostname
WSAGetLastError
ioctlsocket
Sections
.text Size: 641KB - Virtual size: 640KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 134KB - Virtual size: 133KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 333KB - Virtual size: 336KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE