6d63f87c804c21583c292e68471c7ddd97734960615eb515369e3a44ec775864 | Triage

Sharing

General

Target

2025-03-30_642f571f3290eb6f7340f708654623ce_black-basta
Size

18.6MB
Sample

250330-zc5lmsynt7
MD5

642f571f3290eb6f7340f708654623ce
SHA1

486c5c01c61d1588a273f00976b12e85c7804d79
SHA256

6d63f87c804c21583c292e68471c7ddd97734960615eb515369e3a44ec775864
SHA512

3b352f616a7df689ecc53ef6762acb9c80db60adb87b78b785c1b10a96c670c993eeaa851a1e3c15d3324b4ae64c78ab22fcd9353c47f83c3316bb640d5926c4
SSDEEP

393216:EvrUXNi5ShR4uwohGaMntuZ/lZ0y8sfBIfNCLxKg5wQ2z7hR99gzaZf2Mf/g:EvrUXN8Q2eQa/nbLpIfIxKgaz7j9SaJ4

Score

10^/10

defense_evasion discovery evasion pyinstaller trojan

Malware Config

Targets

- Target
  
  2025-03-30_642f571f3290eb6f7340f708654623ce_black-basta
- Size
  
  18.6MB
- MD5
  
  642f571f3290eb6f7340f708654623ce
- SHA1
  
  486c5c01c61d1588a273f00976b12e85c7804d79
- SHA256
  
  6d63f87c804c21583c292e68471c7ddd97734960615eb515369e3a44ec775864
- SHA512
  
  3b352f616a7df689ecc53ef6762acb9c80db60adb87b78b785c1b10a96c670c993eeaa851a1e3c15d3324b4ae64c78ab22fcd9353c47f83c3316bb640d5926c4
- SSDEEP
  
  393216:EvrUXNi5ShR4uwohGaMntuZ/lZ0y8sfBIfNCLxKg5wQ2z7hR99gzaZf2Mf/g:EvrUXN8Q2eQa/nbLpIfIxKgaz7j9SaJ4
Score

10^/10

defense_evasion discovery evasion pyinstaller trojan
- Modifies Windows Defender DisableAntiSpyware settings
  evasion trojan
- Modifies security service
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  defense_evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionpyinstallertrojan

behavioral2

discoverypyinstaller