Analysis

  • max time kernel
    150s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250314-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/04/2025, 16:39 UTC

General

  • Target

    2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe

  • Size

    2.9MB

  • MD5

    9a464d0b1613f0597c367b623f342db7

  • SHA1

    86e83432560d18ca33a02415aa80d87444cc2850

  • SHA256

    d1cc92f01f3ca958516b590bd94fcee3caebe502dd757f722080957ab0ae0484

  • SHA512

    40ac6c4ab5fe4a24c7d537d2113b232851a50931ff0d1b3fee25b8e64e494514e3cf07b3b6e45c9eb7b55b29f6693000d71cb3b22375339e754c708fd5cbdeb3

  • SSDEEP

    49152:TGUXgwPbjXOizQmTg8QBoos7BtlC2qRPQzLn9Tw9VnlHE2j/mw0ba9Kyd:TGUXXPvOiEwg82ontlpgPQzLw1mw0bY

Malware Config

Extracted

Family

remcos

Version

4.9.3 Light

Botnet

RemoteHost

C2

127.0.0.1:2404

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-52SPIJ

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Signatures

  • Remcos

    Remcos is closed-source remote control and surveillance software.

  • Remcos family
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:5168
    • C:\Users\Admin\AppData\Local\Temp\2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe
      "C:\Users\Admin\AppData\Local\Temp\2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2844

Network

  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.ax-0001.ax-msedge.net
    g-bing-com.ax-0001.ax-msedge.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=01b1f38e557d44d48b9085fddad883c7&localId=w:09BB4BB9-3D46-9058-C614-E54E12C4002F&deviceId=6966581029011528&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=01b1f38e557d44d48b9085fddad883c7&localId=w:09BB4BB9-3D46-9058-C614-E54E12C4002F&deviceId=6966581029011528&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=32A0399679116ECD34F32C5178F16FB0; domain=.bing.com; expires=Sat, 02-May-2026 16:39:17 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 4CCB08078334477A889C9168B66C7CE0 Ref B: LON04EDGE1111 Ref C: 2025-04-07T16:39:17Z
    date: Mon, 07 Apr 2025 16:39:16 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=01b1f38e557d44d48b9085fddad883c7&localId=w:09BB4BB9-3D46-9058-C614-E54E12C4002F&deviceId=6966581029011528&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=01b1f38e557d44d48b9085fddad883c7&localId=w:09BB4BB9-3D46-9058-C614-E54E12C4002F&deviceId=6966581029011528&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=32A0399679116ECD34F32C5178F16FB0
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=EVl_3RGgL63Zteio_mPnWB4giyHRp9qrLHlaMGimuR0; domain=.bing.com; expires=Sat, 02-May-2026 16:39:17 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 1E69304BEA1543C7A47D68A5536F96E2 Ref B: LON04EDGE1111 Ref C: 2025-04-07T16:39:17Z
    date: Mon, 07 Apr 2025 16:39:16 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=01b1f38e557d44d48b9085fddad883c7&localId=w:09BB4BB9-3D46-9058-C614-E54E12C4002F&deviceId=6966581029011528&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=01b1f38e557d44d48b9085fddad883c7&localId=w:09BB4BB9-3D46-9058-C614-E54E12C4002F&deviceId=6966581029011528&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=32A0399679116ECD34F32C5178F16FB0; MSPTC=EVl_3RGgL63Zteio_mPnWB4giyHRp9qrLHlaMGimuR0
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 8C8AED492538452F88D3FC16BD262F59 Ref B: LON04EDGE1111 Ref C: 2025-04-07T16:39:17Z
    date: Mon, 07 Apr 2025 16:39:16 GMT
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418562_1168Q5I7J0C0R4GX2&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418562_1168Q5I7J0C0R4GX2&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 1374508
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: DAFF7590AB6E4A568E0A9B2C33CF5FDF Ref B: LON04EDGE0921 Ref C: 2025-04-07T16:39:48Z
    date: Mon, 07 Apr 2025 16:39:47 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239356819466_1PN1118HHI92HRAXE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239356819466_1PN1118HHI92HRAXE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 689813
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 9D62877EA9DA42B9892C57945D4AD03E Ref B: LON04EDGE0921 Ref C: 2025-04-07T16:39:48Z
    date: Mon, 07 Apr 2025 16:39:47 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300899_126S6R30RKFOCBYCC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317300899_126S6R30RKFOCBYCC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 978255
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 3909DC61CFFC4B9AA309C97723340987 Ref B: LON04EDGE0921 Ref C: 2025-04-07T16:39:48Z
    date: Mon, 07 Apr 2025 16:39:47 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418561_1E2KGQS8IVJEZ1891&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418561_1E2KGQS8IVJEZ1891&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 1310684
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: B9909015F45F4499B1D3428225D2A957 Ref B: LON04EDGE0921 Ref C: 2025-04-07T16:39:48Z
    date: Mon, 07 Apr 2025 16:39:47 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239356819467_11XRGHD2R08E7TNPP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239356819467_11XRGHD2R08E7TNPP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 885276
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 970CE41627444D9298DA66BE5E5014FA Ref B: LON04EDGE0921 Ref C: 2025-04-07T16:39:49Z
    date: Mon, 07 Apr 2025 16:39:48 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301332_1PDCNQMZKAUMCHNBI&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301332_1PDCNQMZKAUMCHNBI&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 778126
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: DAFC02750C60497CB8E858F8133D7C2D Ref B: LON04EDGE0921 Ref C: 2025-04-07T16:39:49Z
    date: Mon, 07 Apr 2025 16:39:49 GMT
  • flag-us
    DNS
    c.pki.goog
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.187.227
  • flag-us
    DNS
    c.pki.goog
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
  • flag-gb
    GET
    http://c.pki.goog/r/r1.crl
    Remote address:
    142.250.187.227:80
    Request
    GET /r/r1.crl HTTP/1.1
    Cache-Control: max-age = 3000
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 993
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Mon, 07 Apr 2025 16:05:15 GMT
    Expires: Mon, 07 Apr 2025 16:55:15 GMT
    Cache-Control: public, max-age=3000
    Age: 2133
    Last-Modified: Thu, 03 Apr 2025 14:18:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • 150.171.27.10:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=01b1f38e557d44d48b9085fddad883c7&localId=w:09BB4BB9-3D46-9058-C614-E54E12C4002F&deviceId=6966581029011528&anid=
    tls, http2
    2.0kB
    9.3kB
    21
    18

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=01b1f38e557d44d48b9085fddad883c7&localId=w:09BB4BB9-3D46-9058-C614-E54E12C4002F&deviceId=6966581029011528&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=01b1f38e557d44d48b9085fddad883c7&localId=w:09BB4BB9-3D46-9058-C614-E54E12C4002F&deviceId=6966581029011528&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=01b1f38e557d44d48b9085fddad883c7&localId=w:09BB4BB9-3D46-9058-C614-E54E12C4002F&deviceId=6966581029011528&anid=

    HTTP Response

    204
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    12
  • 150.171.27.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301332_1PDCNQMZKAUMCHNBI&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    218.6kB
    6.2MB
    4543
    4535

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418562_1168Q5I7J0C0R4GX2&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239356819466_1PN1118HHI92HRAXE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300899_126S6R30RKFOCBYCC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418561_1E2KGQS8IVJEZ1891&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239356819467_11XRGHD2R08E7TNPP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301332_1PDCNQMZKAUMCHNBI&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.5kB
    6.9kB
    16
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 142.250.187.227:80
    http://c.pki.goog/r/r1.crl
    http
    384 B
    1.9kB
    4
    4

    HTTP Request

    GET http://c.pki.goog/r/r1.crl

    HTTP Response

    200
  • 127.0.0.1:2404
    2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe
  • 127.0.0.1:2404
    2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe
  • 127.0.0.1:2404
    2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe
  • 127.0.0.1:2404
    2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe
  • 127.0.0.1:2404
    2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe
  • 127.0.0.1:2404
    2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe
  • 127.0.0.1:2404
    2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe
  • 127.0.0.1:2404
    2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe
  • 127.0.0.1:2404
    2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe
  • 127.0.0.1:2404
    2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe
  • 127.0.0.1:2404
    2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe
  • 127.0.0.1:2404
    2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe
  • 127.0.0.1:2404
    2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe
  • 127.0.0.1:2404
    2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe
  • 127.0.0.1:2404
    2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe
  • 127.0.0.1:2404
    2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe
  • 127.0.0.1:2404
    2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe
  • 127.0.0.1:2404
    2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe
  • 127.0.0.1:2404
    2025-04-07_9a464d0b1613f0597c367b623f342db7_black-basta_luca-stealer.exe
  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    148 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    170 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    c.pki.goog
    dns
    112 B
    107 B
    2
    1

    DNS Request

    c.pki.goog

    DNS Request

    c.pki.goog

    DNS Response

    142.250.187.227

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2844-1-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-2-0x00000000006FB000-0x00000000006FC000-memory.dmp

    Filesize

    4KB

  • memory/2844-15-0x0000000000705000-0x0000000000706000-memory.dmp

    Filesize

    4KB

  • memory/2844-14-0x0000000000701000-0x0000000000702000-memory.dmp

    Filesize

    4KB

  • memory/2844-13-0x00000000006FE000-0x00000000006FF000-memory.dmp

    Filesize

    4KB

  • memory/2844-12-0x00000000006FC000-0x00000000006FD000-memory.dmp

    Filesize

    4KB

  • memory/2844-11-0x00000000006FA000-0x00000000006FB000-memory.dmp

    Filesize

    4KB

  • memory/2844-10-0x00000000006F7000-0x00000000006F8000-memory.dmp

    Filesize

    4KB

  • memory/2844-9-0x00000000006F6000-0x00000000006F7000-memory.dmp

    Filesize

    4KB

  • memory/2844-8-0x00000000006F2000-0x00000000006F3000-memory.dmp

    Filesize

    4KB

  • memory/2844-7-0x0000000000704000-0x0000000000705000-memory.dmp

    Filesize

    4KB

  • memory/2844-6-0x00000000006F1000-0x00000000006F2000-memory.dmp

    Filesize

    4KB

  • memory/2844-5-0x00000000006FD000-0x00000000006FE000-memory.dmp

    Filesize

    4KB

  • memory/2844-4-0x00000000006F9000-0x00000000006FA000-memory.dmp

    Filesize

    4KB

  • memory/2844-3-0x00000000006F3000-0x00000000006F4000-memory.dmp

    Filesize

    4KB

  • memory/2844-16-0x0000000000703000-0x0000000000704000-memory.dmp

    Filesize

    4KB

  • memory/2844-17-0x00000000006F4000-0x00000000006F5000-memory.dmp

    Filesize

    4KB

  • memory/2844-18-0x00000000006F8000-0x00000000006F9000-memory.dmp

    Filesize

    4KB

  • memory/2844-19-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-20-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-23-0x000000000070C000-0x000000000070D000-memory.dmp

    Filesize

    4KB

  • memory/2844-25-0x000000000070E000-0x000000000070F000-memory.dmp

    Filesize

    4KB

  • memory/2844-24-0x000000000070A000-0x000000000070B000-memory.dmp

    Filesize

    4KB

  • memory/2844-21-0x0000000000700000-0x0000000000701000-memory.dmp

    Filesize

    4KB

  • memory/2844-22-0x0000000000709000-0x000000000070A000-memory.dmp

    Filesize

    4KB

  • memory/2844-26-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-27-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-28-0x00000000006FF000-0x0000000000700000-memory.dmp

    Filesize

    4KB

  • memory/2844-29-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-30-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-31-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-32-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-33-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-34-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-35-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-36-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-37-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-38-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-39-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-40-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-41-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-42-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-43-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-44-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-45-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-46-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-47-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-48-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-49-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-50-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-51-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-52-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-53-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-54-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-55-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-56-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-57-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-58-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-59-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-60-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-61-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-62-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/2844-63-0x00000000006F0000-0x0000000000765000-memory.dmp

    Filesize

    468KB

  • memory/5168-0-0x00000000006F0000-0x000000000071E000-memory.dmp

    Filesize

    184KB
