General
- Target: 2025-04-04_ea7c0fc5f57f8d1e658b00370182d550_amadey_black-basta_luca-stealer_smoke-loader
- Size: 2.6MB
- Sample: 250404-1dmmwsvwat
- MD5: ea7c0fc5f57f8d1e658b00370182d550
- SHA1: a28b0e91a42401a7ab8601bf32dc0203109ca29e
- SHA256: ad82af63e8c6c2e72175b58c1c4ba8837209389fdcf5601026731ec8788a60f6
- SHA512: ae5d31c034b5b6cd60789e46863440c0c8c4dc6031c1c14cd0504e6f941d37688462e2d82cb1b42aa78f04928610728a6788a4b45cd78cd1658ad89d184eeb76
- SSDEEP: 49152:NFdG9msu4sVrFpdrDLR8sL2GRQYLd6CnykKi7NrZOPEC5LQrHc9ffQ4efLf:NFdGhutrjdz6shhLdvx7NrZJKQrHc9fu
Static task
- static1
Malware Config
Extracted
- Family: sality
- URLs:
  - http://89.119.67.154/testo5/
  - http://kukutrustnet777.info/home.gif
  - http://kukutrustnet888.info/home.gif
  - http://kukutrustnet987.info/home.gif
  - http://www.klkjwre9fqwieluoi.info/
  - http://kukutrustnet777888.info/
Targets
- Target: 2025-04-04_ea7c0fc5f57f8d1e658b00370182d550_amadey_black-basta_luca-stealer_smoke-loader
  - Size: 2.6MB
  - MD5: ea7c0fc5f57f8d1e658b00370182d550
  - SHA1: a28b0e91a42401a7ab8601bf32dc0203109ca29e
  - SHA256: ad82af63e8c6c2e72175b58c1c4ba8837209389fdcf5601026731ec8788a60f6
  - SHA512: ae5d31c034b5b6cd60789e46863440c0c8c4dc6031c1c14cd0504e6f941d37688462e2d82cb1b42aa78f04928610728a6788a4b45cd78cd1658ad89d184eeb76
  - SSDEEP: 49152:NFdG9msu4sVrFpdrDLR8sL2GRQYLd6CnykKi7NrZOPEC5LQrHc9ffQ4efLf:NFdGhutrjdz6shhLdvx7NrZJKQrHc9fu
  - Signatures:
    - Modifies firewall policy service
    - Sality family
    - UAC bypass
    - Windows security bypass
    - Windows security modification
    - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
    - Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)