Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20250207-en
resource tags: arch:x64, arch:x86, image:win7-20250207-en, locale:en-us, os:windows7-x64, system
submitted: 30/03/2025, 16:10
Behavioral task: behavioral1
Sample: 2025-03-30_22ceaf468601e883a6cc937afca8576c_black-basta_luca-stealer.exe
Resource: win7-20250207-en
General
Target: 2025-03-30_22ceaf468601e883a6cc937afca8576c_black-basta_luca-stealer.exe
Size: 10.8MB
MD5: 22ceaf468601e883a6cc937afca8576c
SHA1: ff12aaec6b10edea5c974a3f24e858956989b97a
SHA256: a6f0dc1d472c47bcbeca43bc46f53f81226a64fca579a83e16932d71a954875f
SHA512: 2c6c23fdc3f4580072a369ba5d19b7bf1857fcf39b8086cbcbae0a03f1143a8351036751cd67b85634e7b3e8cb367120367fa0bea89aff76a8523cc7a45ca544
SSDEEP: 98304:P7Iww1fZKcl8s86/O7TXyyHTw8cssg+dJxM3JCqHbsDuH6afkZcmd8:e1fZBv9kXyuiN8uDuH60Pmd8
Malware Config
Signatures
Drops file in System32 directory 64 IoCs
resource yara_rule
behavioral1/memory/1284-0-0x0000000000400000-0x000000000040F000-memory.dmp upx
behavioral1/files/0x0008000000015d6c-6.dat upx
behavioral1/memory/1284-879-0x0000000000400000-0x000000000040F000-memory.dmp upx
behavioral1/memory/1284-3664-0x0000000000400000-0x000000000040F000-memory.dmp upx
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
Processes
C:\Users\Admin\AppData\Local\Temp\2025-03-30_22ceaf468601e883a6cc937afca8576c_black-basta_luca-stealer.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_22ceaf468601e883a6cc937afca8576c_black-basta_luca-stealer.exe"
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID: 1284
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 11.7MB
MD5: 965a6ba70c7512f45942fd3501564531
SHA1: 135793cbda1cba567612a60ef0493a93ababef21
SHA256: b8f2cbecc35461564950e735bc5c9c1f77a06341e549ed8591aefd1e7ee653fb
SHA512: 237d1b124a652549ffc228d69fb16af2753c1e973778374b6dfb0455f1b06ba3f8fb01828f8d755a252adf3c6674291846602029eeb171afa3c6f0f62f9414bc