General
-
Target
2025-04-18_b14d5e23fdc99438ea449f5baa5b8ebd_black-basta_elex_hijackloader_luca-stealer
-
Size
5.8MB
-
Sample
250418-c1t4gszvbt
-
MD5
b14d5e23fdc99438ea449f5baa5b8ebd
-
SHA1
08b56ff51606d57d1381df1d9a224bbe29a203d0
-
SHA256
fb427598d885db41561df81a736279aae1b2eef411ddfcda99b6784630115eaf
-
SHA512
82d2ef302330d686f53bf1e04a3419f1330e964b4977f07751c7d4e63213bb8c5d53d2a0e4fd4ca407c4b7e74d7daeb72e9476821383091e6510b926e1e87a65
-
SSDEEP
98304:pEIl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6Ucz:pWOuK6mn9NzgMoYkSIvUcwti7TQlvciE
Static task
static1
Behavioral task
behavioral1
Sample
2025-04-18_b14d5e23fdc99438ea449f5baa5b8ebd_black-basta_elex_hijackloader_luca-stealer.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral2
Sample
2025-04-18_b14d5e23fdc99438ea449f5baa5b8ebd_black-basta_elex_hijackloader_luca-stealer.exe
Resource
win11-20250410-en
Malware Config
Targets
-
Target
2025-04-18_b14d5e23fdc99438ea449f5baa5b8ebd_black-basta_elex_hijackloader_luca-stealer
-
Size
5.8MB
-
MD5
b14d5e23fdc99438ea449f5baa5b8ebd
-
SHA1
08b56ff51606d57d1381df1d9a224bbe29a203d0
-
SHA256
fb427598d885db41561df81a736279aae1b2eef411ddfcda99b6784630115eaf
-
SHA512
82d2ef302330d686f53bf1e04a3419f1330e964b4977f07751c7d4e63213bb8c5d53d2a0e4fd4ca407c4b7e74d7daeb72e9476821383091e6510b926e1e87a65
-
SSDEEP
98304:pEIl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6Ucz:pWOuK6mn9NzgMoYkSIvUcwti7TQlvciE
-
Milleniumrat family
-
Uses browser remote debugging
Can be used to control the browser and steal sensitive information such as credentials and session cookies.
-
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v16
Credential Access
-
Credentials from Password Stores (1)
-
Credentials from Web Browsers (1)
-
Modify Authentication Process (1)
-
Steal Web Session Cookie (1)
-
Unsecured Credentials (1)
-
Credentials In Files (1)