General
-
Target
2025-04-04_7f85ed34c2991f73da87b61bad2e3369_black-basta_darkgate_luca-stealer_rhadamanthys_ryuk
-
Size
2.4MB
-
Sample
250404-dnj87aywdw
-
MD5
7f85ed34c2991f73da87b61bad2e3369
-
SHA1
0bd33241d21ad796baf37143d57aa451db620a78
-
SHA256
85b71d5c18b39035112a77708078dc6b41f984f1e347fc1363ba6610986ec98f
-
SHA512
efbe94f8f4ea1511e9ab59b061cbd5d10661639d7e11aa63667d9b3947e489a766d75b5855c16e0f80fce5a3daa7051316ed95ffbfa3a1e13182ab5cb2e6ff79
-
SSDEEP
12288:sp4pNfz3ymJnJ8QCFkxCaQTOlPes5Z76k/L/KB8NIpYJTCihq82WFpXKEVFA2MCU:eEtl9mRda12sX7hKB8NIyXbacAff
Static task
static1
Behavioral task
behavioral1
Sample
2025-04-04_7f85ed34c2991f73da87b61bad2e3369_black-basta_darkgate_luca-stealer_rhadamanthys_ryuk.exe
Resource
win10v2004-20250314-en
Malware Config
Targets
-
Score
10/10
-
Modifies WinLogon for persistence
-
Drops startup file
-
Executes dropped EXE
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-