2025-04-03_2c2efc29fc75c25b90e1472e30e7be0a_black-basta_hijackloader_luca-stealer | Triage

Submit
Reports

Overview

overview

Static

static

1

2025-04-03...er.exe

windows10-2004-x64

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

2025-04-03_2c2efc29fc75c25b90e1472e30e7be0a_black-basta_hijackloader_luca-stealer.exe

Resource

win10v2004-20250314-en

gurcu credential_access discovery spyware stealer

windows10-2004-x64

18 signatures

150 seconds

General

Target

2025-04-03_2c2efc29fc75c25b90e1472e30e7be0a_black-basta_hijackloader_luca-stealer
Size

5.7MB
MD5

2c2efc29fc75c25b90e1472e30e7be0a
SHA1

bf4d7300c88893be11e8b8c1cd84be7a421544ef
SHA256

def69023e3e78c66804a4a7996607540cb2c6f57eeda633a04720ce39291b103
SHA512

4bfc52b2abfbc478b37c29e4f642d63aa7031e502a637175e4c0e79b86a453f3e593e60a654f2f5fd2bebeb31c135c7c90d198ff738624d33d34dd3bbcdad5e7
SSDEEP

98304:DWl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6Uczq:DtOuK6mn9NzgMoYkSIvUcwti7TQlvcij

Score

1^/10

Malware Config

Signatures

Files

2025-04-03_2c2efc29fc75c25b90e1472e30e7be0a_black-basta_hijackloader_luca-stealer
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

09:54:37:10:ba:6a:1f:33:28:75:c4:5b:5d:de:71:85:b6:e8:73:73
Certificate

Issuer

CN=localhost

Not Before

29/07/2022, 14:23

Not After

26/07/2032, 14:23

Subject

CN=localhost

e9:2c:57:35:d2:d1:aa:da:b5:25:db:b9:6d:09:5d:c8:c1:b8:d7:e8:99:7f:ae:5b:14:71:04:53:3c:6a:a6:1a
Signer

Actual PE Digest

e9:2c:57:35:d2:d1:aa:da:b5:25:db:b9:6d:09:5d:c8:c1:b8:d7:e8:99:7f:ae:5b:14:71:04:53:3c:6a:a6:1a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\attat\source\repos\DotStealer-Builder (1.8)\DotStealer\DotStealer\obj\Release\net462\svchost.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy