2025-04-03_7a79ac324cb4133629843c76e0ac166f_black-basta_cobalt-strike_floxif_hijackloader_luca-stealer

Sharing

Copy URL

Twitter E-mail

General

Target

2025-04-03_7a79ac324cb4133629843c76e0ac166f_black-basta_cobalt-strike_floxif_hijackloader_luca-stealer
Size

208KB
MD5

7a79ac324cb4133629843c76e0ac166f
SHA1

6ff96bc50b15b5537b71d28297ee87db8d6bf0cc
SHA256

b355d65d881b540714d0eaabb3695c529e8c7726061b7ebcd7baa4b3d5a1abcf
SHA512

0f91307e64ed3c9e538ce9c9498b556a5d4bbb73343908ac4da6597ec3d56a40efb16b7ce5377ee8b36eb13f819b4633a3444f39370f56dfbe960ed04cf8a69e
SSDEEP

3072:EH0PD+CWh5lO6ZflUgNtpARctyz1zs87IgEt/+Z3j2lQBV+UdE+rECWp7hKJ/R:ESD+zXffegxAF+gNBV+UdvrEFp7hKJZ

Score

1^/10

Malware Config

Signatures

Files

2025-04-03_7a79ac324cb4133629843c76e0ac166f_black-basta_cobalt-strike_floxif_hijackloader_luca-stealer
.exe windows:5 windows x86 arch:x86

b201e8790095435bbe29c0db6b2c99a6

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:91:ac:87:81:45:2e:94:78:fd:b9:0d:5a:52:33:6c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/06/2023, 00:00

Not After

15/06/2026, 23:59

Subject

SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,L=Hsinchu,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:0b:42:9a:e4:96:a5:bd:9a:91:bf:95:bd:ef:0c:f3:61:3d:59:c2
Signer

Actual PE Digest

76:0b:42:9a:e4:96:a5:bd:9a:91:bf:95:bd:ef:0c:f3:61:3d:59:c2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\ITD\Desktop\autoinstall_v2\RTKAutoInstall\RTKAutoInstall\ServiceInstall_Release\WifiAutoInstallSrv.pdb

Imports

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList

kernel32

VerSetConditionMask
VerifyVersionInfoW
GetTickCount
HeapSize
GetConsoleMode
GetConsoleCP
GetLocalTime
CloseHandle
SetEvent
OutputDebugStringW
GetLastError
Sleep
CreateEventW
CreateFileW
WaitForSingleObject
GetModuleFileNameW
DeviceIoControl
GetPrivateProfileIntW
GetCurrentProcess
ReadFile
ReadConsoleW
SetEndOfFile
DecodePointer
HeapReAlloc
FlushFileBuffers
SetFilePointerEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WriteConsoleW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
GetFileSizeEx

user32

RegisterDeviceNotificationW
UnregisterDeviceNotification

advapi32

DeregisterEventSource
RegisterServiceCtrlHandlerExW
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
SetServiceStatus
DeleteService
ControlService
OpenProcessToken
StartServiceW
StartServiceCtrlDispatcherW
OpenServiceW
QueryServiceStatusEx
RegisterEventSourceW
ReportEventW
GetTokenInformation

shell32

ShellExecuteExW

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b201e8790095435bbe29c0db6b2c99a6

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0f:91:ac:87:81:45:2e:94:78:fd:b9:0d:5a:52:33:6cCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

76:0b:42:9a:e4:96:a5:bd:9a:91:bf:95:bd:ef:0c:f3:61:3d:59:c2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 83KB - Virtual size: 82KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 3KB - Virtual size: 9KB

.rsrc Size: 2KB - Virtual size: 2KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:91:ac:87:81:45:2e:94:78:fd:b9:0d:5a:52:33:6c
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

76:0b:42:9a:e4:96:a5:bd:9a:91:bf:95:bd:ef:0c:f3:61:3d:59:c2
Signer

.text
Size: 83KB - Virtual size: 82KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 3KB - Virtual size: 9KB

.rsrc
Size: 2KB - Virtual size: 2KB