General
  Target: 2025-04-04_18fb1f07d4bd4827cd6ee65c7e8ee1e6_black-basta_hijackloader_luca-stealer
  Size:   8.1MB
  Sample: 250404-w4qp1ssscx
  MD5:    18fb1f07d4bd4827cd6ee65c7e8ee1e6
  SHA1:   918a4b601cadad2bd26a7a4bc0880b15707affd5
  SHA256: 290567c98c4355c80447243d98f9659b1d203c378ae1e48b311199387b900c39
  SHA512: e68b1948f9ce665b7a993161e8a40fbded9183272105fefe8d3827d9648efb974d8dad8c6fd8b9a6527971c4010460b56d3e2efeaef95a3eb2a7527a84cd78fd
  SSDEEP: 98304:GzMT4cy1WA55A4iEtELMEAe4d8qZkHtk0q1WA0p/5chEuuZkJaG:CMT42AjtELyyHHtk0khbaG
Static task
  static1

Malware Config
  Extracted family: sality
  Extracted URLs:
    http://89.119.67.154/testo5/
    http://kukutrustnet777.info/home.gif
    http://kukutrustnet888.info/home.gif
    http://kukutrustnet987.info/home.gif
    http://www.klkjwre9fqwieluoi.info/
    http://kukutrustnet777888.info/
Targets
  Target: 2025-04-04_18fb1f07d4bd4827cd6ee65c7e8ee1e6_black-basta_hijackloader_luca-stealer
  Signatures matched for this target:
    - Modifies firewall policy service
    - Sality family
    - UAC bypass
    - Windows security bypass
    - Windows security modification
    - Checks whether UAC is enabled
    - Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
  Privilege Escalation
    Abuse Elevation Control Mechanism (1)
      Bypass User Account Control (1)
    Create or Modify System Process (1)
      Windows Service (1)
  Defense Evasion
    Abuse Elevation Control Mechanism (1)
      Bypass User Account Control (1)
    Impair Defenses (4)
      Disable or Modify System Firewall (1)
      Disable or Modify Tools (3)
    Modify Registry (5)