Static task: static1
Behavioral task: behavioral1
Sample: 2025-03-30_73bcc01270ded210105164d4cfa3cb29_black-basta_hijackloader_luca-stealer_remcos.exe
Resource: win7-20240729-en

General
Target: 2025-03-30_73bcc01270ded210105164d4cfa3cb29_black-basta_hijackloader_luca-stealer_remcos
Size: 3.6MB
MD5: 73bcc01270ded210105164d4cfa3cb29
SHA1: 7ca80ca40b98df78483a05436d6e86aac35fd657
SHA256: 4d79ff153311e103a524f00be3d83848e19b64614730de821cce62afe1a4be40
SHA512: e4dadc6df93f08df4da3a1f16401876ab2cbe0c7c4de45d9b3a3070fc60e147d0071c2ed8fd9ec242ac6c0d879ce8d14a03222e7fe0f04e35419269bf53f7525
SSDEEP: 49152:ayvBqEimDjavBuw1e140ANuPuL+7NrzT0PFlT4Wtrb9m1wv6lanSiAzTu:lvBqNmDuv4w1e1jM67NrGVBtrb9m1ra3

Malware Config

Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 2025-03-30_73bcc01270ded210105164d4cfa3cb29_black-basta_hijackloader_luca-stealer_remcos

Files
2025-03-30_73bcc01270ded210105164d4cfa3cb29_black-basta_hijackloader_luca-stealer_remcos.exe windows:6 windows x86 arch:x86
2e004db139d74d675c9af216096cd47e

Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\PCGMR_BUILD\Cim\CiSrc\pdfconverter\pdfconverter_sdk_sogou\product\win32\pdfsdk.pdb
Imports
kernel32
GetExitCodeThread
OutputDebugStringW
TerminateThread
WritePrivateProfileStringW
FreeResource
VerSetConditionMask
VerifyVersionInfoW
GetFullPathNameW
GetDiskFreeSpaceExW
GlobalAlloc
GlobalFree
GlobalLock
OpenMutexW
GlobalUnlock
GetComputerNameA
GetTickCount64
lstrcmpiW
LoadLibraryExW
FreeLibrary
GetModuleHandleW
CreateProcessW
GetProcessHeap
DeleteCriticalSection
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
LocalFree
FileTimeToLocalFileTime
WriteConsoleW
ReadConsoleInputW
SetConsoleMode
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
LoadLibraryW
IsValidLocale
GetLocaleInfoW
lstrcmpA
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetConsoleCP
SetConsoleCtrlHandler
SetFilePointerEx
GetFileAttributesExW
FreeLibraryAndExitThread
ExitThread
GetFileAttributesW
ExitProcess
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetCommandLineA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GlobalMemoryStatus
FlushConsoleInputBuffer
GetSystemTime
VerifyVersionInfoA
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
CompareFileTime
MoveFileExA
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
LocalAlloc
GetFileInformationByHandle
UnmapViewOfFile
GetCurrentDirectoryW
LocalFileTimeToFileTime
SetFileTime
GetPrivateProfileIntW
GetCurrentProcessId
FormatMessageW
Sleep
GetCurrentThreadId
CreateMutexW
SetEndOfFile
SetLastError
GetFileSizeEx
ResetEvent
CreateThread
SetEvent
CreateEventW
WaitForMultipleObjects
GetTempPathW
GetLocalTime
MoveFileW
CopyFileW
lstrlenW
GetTickCount
GetWindowsDirectoryW
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
WriteFile
SystemTimeToFileTime
MoveFileExW
RemoveDirectoryW
FindNextFileW
DeleteFileW
LCMapStringW
RaiseException
CloseHandle
HeapReAlloc
LockResource
GetLastError
GetLogicalDriveStringsW
HeapSize
OpenProcess
WaitForSingleObject
InitializeCriticalSectionEx
TerminateProcess
GetCurrentProcess
HeapFree
InitializeSListHead
IsDebuggerPresent
GetCPInfo
EncodePointer
GetStringTypeW
GetPrivateProfileStringW
FindClose
InitializeCriticalSection
GetModuleFileNameW
FindFirstFileW
CreateDirectoryW
GetFileSize
CreateFileW
SetFilePointer
ReadFile
GetSystemDirectoryW
GetVersionExW
FileTimeToSystemTime
GetCommandLineW
GetExitCodeProcess
GetModuleHandleExW
QueryDosDeviceW
GetUserDefaultLCID
SizeofResource
user32
RegisterWindowMessageW
DestroyMenu
CreatePopupMenu
wsprintfW
GetWindowTextW
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
InvalidateRect
GetDlgItem
SetWindowLongW
IsWindow
SetWindowTextW
SendMessageW
DestroyWindow
CallWindowProcW
DefWindowProcW
GetWindowTextLengthW
GetWindowLongW
EndPaint
BeginPaint
GetClassInfoExW
DrawTextW
GetClientRect
LoadCursorW
SetFocus
MoveWindow
ShowWindow
RegisterClassExW
CreateWindowExW
FillRect
IsWindowVisible
InflateRect
PostMessageW
GetDesktopWindow
EnableWindow
GetNextDlgTabItem
GetCursorPos
SetForegroundWindow
ReleaseCapture
PtInRect
GetParent
SetRect
UpdateLayeredWindow
SetRectEmpty
SetCursor
SetCapture
FindWindowW
TranslateMessage
IsWindowEnabled
GetForegroundWindow
AttachThreadInput
MapWindowPoints
IsChild
PeekMessageW
GetDlgCtrlID
IsDialogMessageW
DispatchMessageW
GetActiveWindow
ScreenToClient
SetActiveWindow
MonitorFromWindow
SetWindowPos
GetFocus
GetWindowRect
GetWindow
GetMessageW
GetWindowThreadProcessId
LoadImageW
GetMenuStringW
OffsetRect
LoadBitmapW
GetMenuItemCount
GetMenuItemInfoW
CharNextW
KillTimer
DrawIconEx
PostThreadMessageW
LoadIconW
IntersectRect
IsRectEmpty
ChangeWindowMessageFilter
ClientToScreen
DestroyIcon
EqualRect
SetTimer
AppendMenuW
TrackPopupMenu
MonitorFromPoint
CopyRect
GetDC
SystemParametersInfoW
ReleaseDC
UnregisterClassW
GetMonitorInfoW
gdi32
GetClipRgn
OffsetRgn
TextOutW
LineTo
MoveToEx
ExtSelectClipRgn
RoundRect
GetViewportOrgEx
SaveDC
StretchBlt
CreatePen
SetStretchBltMode
RestoreDC
CreateBitmap
CreateDIBSection
GetStockObject
CreateRectRgnIndirect
CreateRoundRectRgn
CreateRectRgn
Rectangle
SelectClipRgn
GetObjectW
GetTextColor
RectInRegion
CreateFontIndirectW
GetCurrentObject
CombineRgn
ExtTextOutW
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetTextExtentPoint32W
SetBkMode
SetViewportOrgEx
DeleteDC
SetTextColor
SetBkColor
DeleteObject
CreateSolidBrush
GetDeviceCaps
advapi32
CryptEnumProvidersA
CryptDestroyHash
CryptCreateHash
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyW
RegQueryValueExW
CryptDecrypt
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptSignHashA
shell32
ShellExecuteW
ShellExecuteExW
ord155
SHParseDisplayName
SHGetDesktopFolder
SHGetSpecialFolderPathW
SHBindToParent
ord680
CommandLineToArgvW
Shell_NotifyIconW
SHCreateDirectoryExW
ole32
CoCreateInstance
CoCreateGuid
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoInitialize
oleaut32
VarUI4FromStr
shlwapi
PathCombineW
StrToIntA
PathAddBackslashW
StrToInt64ExW
StrToIntW
PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
comctl32
DrawShadowText
_TrackMouseEvent
msimg32
AlphaBlend
gdiplus
GdipPrivateAddFontFile
GdipDeletePrivateFontCollection
GdipGetFontCollectionFamilyCount
GdipDeleteFontFamily
GdipFree
GdipSetStringFormatAlign
GdipCloneFontFamily
GdipNewPrivateFontCollection
GdipDeleteGraphics
GdipDeletePen
GdipDeleteFont
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipSetCompositingQuality
GdipGetFamily
GdipAddPathPieI
GdipDrawRectangleI
GdipAddPathRectangleI
GdipAddPathArcI
GdipSetPenStartCap
GdipDeletePath
GdipSetSmoothingMode
GdipSetClipPath
GdipCreatePath
GdipFillPath
GdipAddPathStringI
GdipSetPenDashStyle
GdipDrawLine
GdipSetPixelOffsetMode
GdipFillRectangle
GdipClosePathFigure
GdipDrawPath
GdipResetWorldTransform
GdipSetPenEndCap
GdipRotateWorldTransform
GdipGetFontSize
GdipTranslateWorldTransform
GdipSetPenMode
GdipDrawImageI
GdipCreateLineBrushFromRectWithAngleI
GdipLoadImageFromFile
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipImageRotateFlip
GdipDrawImagePointsRectI
GdipDrawImageRectRect
GdipCloneImage
GdipCreateBitmapFromStream
GdipDrawImageRectI
GdipDisposeImageAttributes
GdipDisposeImage
GdipSetInterpolationMode
GdipCloneBitmapArea
GdipGraphicsClear
GdipGetImagePixelFormat
GdipCreateHBITMAPFromBitmap
GdipCreateImageAttributes
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipCreateBitmapFromScan0
GdipDrawImageRectRectI
GdipLoadImageFromStream
GdiplusStartup
GdiplusShutdown
GdipCreateStringFormat
GdipDeleteBrush
GdipAlloc
GdipSetStringFormatLineAlign
GdipCreateFont
GdipCreateSolidFill
GdipSetStringFormatTrimming
GdipCreateFontFromLogfontW
GdipDrawLinesI
GdipDrawString
GdipGetFontCollectionFamilyList
GdipCreateFromHDC
GdipSetTextRenderingHint
GdipCloneBrush
GdipMeasureString
GdipFillRectangleI
GdipCreatePen1
ws2_32
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
getservbyname
gethostbyname
shutdown
ntohl
gethostname
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
send
recv
bind
WSACloseEvent
connect
getpeername
WSAStartup
WSAIoctl
WSASetLastError
socket
getsockname
getsockopt
htons
setsockopt
ntohs
crypt32
CryptMsgClose
CertFreeCertificateContext
CryptQueryObject
CertCloseStore
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertEnumCertificatesInStore
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertOpenStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CryptDecodeObject
wldap32
ord26
ord22
ord41
ord50
ord45
ord32
ord211
ord46
ord143
ord217
ord200
ord301
ord27
ord33
ord79
ord35
ord60
ord30
normaliz
IdnToAscii
Sections
.text Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 486KB - Virtual size: 486KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 54KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 938KB - Virtual size: 938KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 172KB - Virtual size: 172KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE