cf70392e26ee7d6d24cb39499567052935664d37a1b49572f9d0b5f3f3189f57 | Triage

Sharing

General

Target

2025-04-01_fda2e2ddccb519a2c1fb72dcaee2de6f_black-basta_cova_luca-stealer
Size

327KB
Sample

250401-xkfw5sxjt8
MD5

fda2e2ddccb519a2c1fb72dcaee2de6f
SHA1

efd50828acc3e182aa283c5760278c0da1f428a6
SHA256

cf70392e26ee7d6d24cb39499567052935664d37a1b49572f9d0b5f3f3189f57
SHA512

28c79ed9a9d5db3920b7e942c66670eec02046fa3d751ad18e9b3597caab76645b194bfa18bb5925ecfb8d201a291a44ee427ef39632f673db39edc43111c3cf
SSDEEP

6144:RTouKrWBEu3/Z2lpGDHU3ykJV9r/R5K7V7NRZfUlyT/8:RToPWBv/cpGrU3yerRKV7feluk

Score

10^/10

defense_evasion discovery execution exploit persistence

Malware Config

Targets

- Target
  
  2025-04-01_fda2e2ddccb519a2c1fb72dcaee2de6f_black-basta_cova_luca-stealer
- Size
  
  327KB
- MD5
  
  fda2e2ddccb519a2c1fb72dcaee2de6f
- SHA1
  
  efd50828acc3e182aa283c5760278c0da1f428a6
- SHA256
  
  cf70392e26ee7d6d24cb39499567052935664d37a1b49572f9d0b5f3f3189f57
- SHA512
  
  28c79ed9a9d5db3920b7e942c66670eec02046fa3d751ad18e9b3597caab76645b194bfa18bb5925ecfb8d201a291a44ee427ef39632f673db39edc43111c3cf
- SSDEEP
  
  6144:RTouKrWBEu3/Z2lpGDHU3ykJV9r/R5K7V7NRZfUlyT/8:RToPWBv/cpGrU3yerRKV7feluk
Score

10^/10

defense_evasion discovery execution exploit persistence
- Modifies security service
  defense_evasion
- Creates new service(s)
  persistence execution
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  defense_evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Modifies file permissions
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

File and Directory Permissions Modification

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutionexploitpersistence