General

  • Target

    2025-04-18_b14d5e23fdc99438ea449f5baa5b8ebd_black-basta_elex_hijackloader_luca-stealer

  • Size

    5.8MB

  • Sample

    250418-c1t4gszvbt

  • MD5

    b14d5e23fdc99438ea449f5baa5b8ebd

  • SHA1

    08b56ff51606d57d1381df1d9a224bbe29a203d0

  • SHA256

    fb427598d885db41561df81a736279aae1b2eef411ddfcda99b6784630115eaf

  • SHA512

    82d2ef302330d686f53bf1e04a3419f1330e964b4977f07751c7d4e63213bb8c5d53d2a0e4fd4ca407c4b7e74d7daeb72e9476821383091e6510b926e1e87a65

  • SSDEEP

    98304:pEIl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6Ucz:pWOuK6mn9NzgMoYkSIvUcwti7TQlvciE

Malware Config

Targets

    • Target

      2025-04-18_b14d5e23fdc99438ea449f5baa5b8ebd_black-basta_elex_hijackloader_luca-stealer

    • MilleniumRat

      MilleniumRat is a remote access trojan written in C#.

    • Milleniumrat family

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, session cookies and other profile data.

    • Command and Scripting Interpreter: PowerShell

      Runs a powershell.exe command.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
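
The signatures above describe observed behaviour, not detections. As an added example that is not part of this report or of the sample, the following turns four of them (browser remote debugging, PowerShell execution, external IP lookup, and the locale/geofence registry read) into rule-style checks and runs them over constructed Sysmon-like telemetry. The event layout, file paths, command-line marker list and IP-lookup host list are assumptions; the registry rule additionally assumes an event source that records registry reads, which Sysmon does not.

```python
"""Added example (not from the Triage report or the sample): detection rules for
four behavioural signatures, run over constructed Sysmon-like telemetry."""
from dataclasses import dataclass
import ntpath

# Chromium-based browsers honour --remote-debugging-port / --remote-debugging-pipe,
# which exposes the DevTools protocol to any local process (cookie/credential theft).
CHROMIUM_BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "chromium.exe",
                     "opera.exe", "vivaldi.exe"}
REMOTE_DEBUG_FLAGS = ("--remote-debugging-port", "--remote-debugging-pipe")
# Public "what is my IP" services commonly contacted by stealers (assumed list, extend as needed).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com", "ip-api.com",
                   "checkip.amazonaws.com", "ipinfo.io"}
# Registry locations holding the configured country/locale, used for geofencing.
GEO_REGISTRY_PATHS = (r"control panel\international\geo",
                      r"control panel\international\locale")
# Command-line markers worth surfacing on a powershell.exe launch (assumed list).
POWERSHELL_MARKERS = ("-encodedcommand", " -enc ", "windowstyle hidden", " -w hidden",
                      "-noprofile", " -nop ", "downloadstring", "invoke-expression")


@dataclass(frozen=True)
class Alert:
    rule: str
    event_id: int
    detail: str


def _basename(path: str) -> str:
    return ntpath.basename(path).lower()


def rule_browser_remote_debugging(ev):
    """'Uses browser remote debugging': a Chromium browser started with a DevTools flag."""
    if ev["type"] != "process_create" or _basename(ev["image"]) not in CHROMIUM_BROWSERS:
        return None
    hits = [f for f in REMOTE_DEBUG_FLAGS if f in ev["command_line"].lower()]
    if not hits:
        return None
    return Alert("browser_remote_debugging", ev["id"],
                 f"{_basename(ev['image'])} launched with {hits[0]} by {_basename(ev['parent_image'])}")


def rule_powershell(ev):
    """'Command and Scripting Interpreter: PowerShell': flags every powershell.exe/pwsh.exe
    launch and lists the evasion/download markers found on its command line."""
    if ev["type"] != "process_create" or _basename(ev["image"]) not in {"powershell.exe", "pwsh.exe"}:
        return None
    cmd = " " + ev["command_line"].lower() + " "
    markers = sorted({m.strip() for m in POWERSHELL_MARKERS if m in cmd})
    return Alert("powershell_execution", ev["id"],
                 f"parent={_basename(ev['parent_image'])} markers={markers}")


def rule_external_ip_lookup(ev):
    """'Looks up external IP address via web service': DNS query for a known lookup host."""
    if ev["type"] != "dns_query":
        return None
    q = ev["query"].lower().rstrip(".")
    if q in IP_LOOKUP_HOSTS or any(q.endswith("." + h) for h in IP_LOOKUP_HOSTS):
        return Alert("external_ip_lookup", ev["id"], f"{_basename(ev['image'])} resolved {q}")
    return None


def rule_geo_registry_check(ev):
    """'Checks computer location settings'. Assumes a source that records registry
    reads (e.g. a Procmon trace) and emits them as 'registry_query' events."""
    if ev["type"] != "registry_query":
        return None
    if any(p in ev["key"].lower() for p in GEO_REGISTRY_PATHS):
        return Alert("geo_registry_check", ev["id"], f"{_basename(ev['image'])} read {ev['key']}")
    return None


RULES = (rule_browser_remote_debugging, rule_powershell,
         rule_external_ip_lookup, rule_geo_registry_check)


def run_rules(events):
    """Apply every rule to every event; return the alerts ordered by event id."""
    alerts = [a for ev in events for r in RULES if (a := r(ev)) is not None]
    return sorted(alerts, key=lambda a: a.event_id)


# Constructed telemetry for a dropped EXE; paths, names and the base64 blob are invented.
DROPPED = r"C:\Users\u\AppData\Local\Temp\update.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [
    {"id": 1, "type": "process_create", "image": DROPPED,
     "parent_image": r"C:\Windows\explorer.exe", "command_line": "update.exe"},
    {"id": 2, "type": "process_create", "image": CHROME, "parent_image": DROPPED,
     "command_line": r'"chrome.exe" --remote-debugging-port=9222 --headless '
                     r'--user-data-dir="C:\Users\u\AppData\Local\Google\Chrome\User Data"'},
    {"id": 3, "type": "process_create",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": DROPPED, "command_line": "powershell.exe -nop -w hidden -enc QQBCAEMA"},
    {"id": 4, "type": "dns_query", "image": DROPPED, "query": "api.ipify.org"},
    {"id": 5, "type": "dns_query", "image": CHROME, "query": "www.example.com"},
    {"id": 6, "type": "registry_query", "image": DROPPED,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"id": 7, "type": "process_create", "image": CHROME,
     "parent_image": r"C:\Windows\explorer.exe", "command_line": '"chrome.exe" https://www.example.com'},
]

if __name__ == "__main__":
    for alert in run_rules(SAMPLE_EVENTS):
        print(f"[{alert.rule}] event {alert.event_id}: {alert.detail}")
```

Events 1, 5 and 7 are the benign controls: a plain dropped-file launch, an ordinary browser DNS query and an interactive Chrome start with no DevTools flag produce no alert, while events 2, 3, 4 and 6 each trip exactly one rule. The remote-debugging rule is the one worth prioritising: a browser launched with `--remote-debugging-port` by a process in a user-writable temp directory has very few legitimate explanations.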

MITRE ATT&CK Enterprise v16

Tasks