General
-
Target
2025-04-04_0c9cea2e38e4f2165ba7e2d4c2eea738_black-basta_darkgate_luca-stealer_rhadamanthys_ryuk
-
Size
3.5MB
-
Sample
250404-eet8gayzgs
-
MD5
0c9cea2e38e4f2165ba7e2d4c2eea738
-
SHA1
341eea9f1c8498d5d78dfbf6547d500bc2ca400b
-
SHA256
e051fcb68ee593085a043ac55ab51303f41b2e9cb345efbc27f882a189b92237
-
SHA512
59f782113f99204726f50727633640fdef82f98facfa38ff12ecf0cbd2443e471f44668661f148eadd15c05a79957c33795d493a2e7e3c8e9f43e9ec1555d3c8
-
SSDEEP
98304:9E2R1IMT4MMHMMMvMMZMMMlmMMMiMMMYJMMHMMM6MMZMMMqNMMzMMMUMMVMMMYJu:9nzIX
Static task
static1
Behavioral task
behavioral1
Sample
2025-04-04_0c9cea2e38e4f2165ba7e2d4c2eea738_black-basta_darkgate_luca-stealer_rhadamanthys_ryuk.exe
Resource
win10v2004-20250314-en
Malware Config
Targets
Target
2025-04-04_0c9cea2e38e4f2165ba7e2d4c2eea738_black-basta_darkgate_luca-stealer_rhadamanthys_ryuk
-
Score
10/10
-
Modifies WinLogon for persistence
-
Drops startup file
-
Executes dropped EXE
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-