Analysis
max time kernel: 104s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20250410-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250410-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18/04/2025, 02:40
Static task: static1
Behavioral task: behavioral1
  Sample: 2025-04-18_c82c31b7819148e9da1e19290c6e3aaa_black-basta_elex_luca-stealer.exe
  Resource: win10v2004-20250410-en
Behavioral task: behavioral2
  Sample: 2025-04-18_c82c31b7819148e9da1e19290c6e3aaa_black-basta_elex_luca-stealer.exe
  Resource: win11-20250410-en
General
Target: 2025-04-18_c82c31b7819148e9da1e19290c6e3aaa_black-basta_elex_luca-stealer.exe
Size: 368KB
MD5: c82c31b7819148e9da1e19290c6e3aaa
SHA1: 85b083cc9825782bd75029513e97f0d741c52316
SHA256: 1052190feea6f77f7d3bd556aceaffa1ffc1a60c5f4fb047f1660fac9a065cf4
SHA512: 25277bf0474020ee457a379e2fb7087b9699bfc4990db2e0c2ca99b0a02338f862ee4fbab593632e24f3c1d57465344d9a14032d3c5157656d6f267f420beb61
SSDEEP: 6144:bsCwu+mWhJifvtNP/7YXSLB80PYjKxohR3phzaqzwtLexBopl1nMewBT:QxmIJQvPkit+asR3phzyGopl1N2T
Note: the family labels embedded in the submitted file name (black-basta, elex, luca-stealer) are part of the name as submitted, not a sandbox verdict; the signatures below classify the executed payload as StormKitty.
Malware Config
Signatures
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload 2 IoCs
resource | yara_rule
behavioral1/files/0x000800000002425a-4.dat | family_stormkitty
behavioral1/memory/1620-13-0x0000000000160000-0x00000000001B6000-memory.dmp | family_stormkitty
Stormkitty family
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up the country code configured in the registry, likely for geofencing (deciding whether to run based on the victim's configured country).
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | 2025-04-18_c82c31b7819148e9da1e19290c6e3aaa_black-basta_elex_luca-stealer.exe
Executes dropped EXE 1 IoCs
pid | Process
1620 | Silver bullet.exe
Reads user/profile data of web browsers 3 TTPs
Infostealers commonly target stored browser data, which can include saved credentials, cookies and similar secrets.
-
Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | Silver bullet.exe
Key opened | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | Silver bullet.exe
Key opened | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | Silver bullet.exe
Note: 9375CFF0413111d3B88A00104B2A6676 is the MAPI profile section that holds Outlook account settings. The three keys are the profile locations used by Office 2013 (15.0), Office 2016 and later (16.0) and the legacy Windows Messaging Subsystem path, so the stealer probes each in turn.
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s) 3 IoCs
description | ioc | Process
File created | C:\Users\Admin\AppData\Roaming\JZJZFYBX\FileGrabber\Desktop\desktop.ini | Silver bullet.exe
File created | C:\Users\Admin\AppData\Roaming\JZJZFYBX\FileGrabber\Downloads\desktop.ini | Silver bullet.exe
File created | C:\Users\Admin\AppData\Roaming\JZJZFYBX\FileGrabber\Pictures\desktop.ini | Silver bullet.exe
Note: the FileGrabber\Desktop, Downloads and Pictures sub-folders under a random-looking directory in %APPDATA% are consistent with the contents of the user's folders (desktop.ini included) being copied into a staging directory for collection, rather than with desktop.ini being dropped as a payload.
Looks up external IP address via web service 5 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow | ioc
10 | freegeoip.app
11 | freegeoip.app
47 | api.ipify.org
48 | api.ipify.org
49 | ip-api.com
Note: freegeoip.app and ip-api.com return geolocation data as well as the address, which fits the registry-based country check above; api.ipify.org returns only the public IP.
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempts to gather information about the system language of the victim in order to infer the geographical location of the host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 2025-04-18_c82c31b7819148e9da1e19290c6e3aaa_black-basta_elex_luca-stealer.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Silver bullet.exe
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 | Silver bullet.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | Silver bullet.exe
Suspicious behavior: EnumeratesProcesses 26 IoCs
pid | Process
1620 | Silver bullet.exe (26 identical entries)
Suspicious use of AdjustPrivilegeToken 1 IoCs
description | pid | Process
Token: SeDebugPrivilege | 1620 | Silver bullet.exe
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 4992 wrote to memory of 1620 | 4992 | 2025-04-18_c82c31b7819148e9da1e19290c6e3aaa_black-basta_elex_luca-stealer.exe | 87 (3 identical entries)
Note: a few writes by the parent into a child it has just created are what process creation itself produces (the parent writes the new process's startup parameters into it), so on their own they are weak evidence of injection. The stronger reading here is that the parent is an extractor that launches Silver bullet.exe from a RarSFX0 temp directory (see Processes).
outlook_office_path 1 IoCs
description | ioc | Process
Key opened | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | Silver bullet.exe
outlook_win_path 1 IoCs
description | ioc | Process
Key opened | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | Silver bullet.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\2025-04-18_c82c31b7819148e9da1e19290c6e3aaa_black-basta_elex_luca-stealer.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\2025-04-18_c82c31b7819148e9da1e19290c6e3aaa_black-basta_elex_luca-stealer.exe"
   PID: 4992
   - Checks computer location settings
   - System Location Discovery: System Language Discovery
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\RarSFX0\Silver bullet.exe (child of PID 4992)
      command line: "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Silver bullet.exe"
      PID: 1620
      - Executes dropped EXE
      - Accesses Microsoft Outlook profiles
      - Drops desktop.ini file(s)
      - System Location Discovery: System Language Discovery
      - Checks processor information in registry
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
      - outlook_office_path
      - outlook_win_path
Note: RarSFX0 is the temporary directory a WinRAR self-extracting archive unpacks into, so the submitted 368KB file behaves as an SFX wrapper that extracts and launches Silver bullet.exe. That child process is the actual StormKitty payload: the family_stormkitty YARA rule matched both the dropped file and the memory of PID 1620.
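The signatures and process tree above describe a small set of concrete behaviours (country and language lookups, CPU identifier read, Outlook profile key access, external-IP lookups, FileGrabber staging, a dropped EXE launched from RarSFX0, SeDebugPrivilege). The script below, an added example that is not part of the sandbox report and uses no sandbox's API, replays a constructed event stream mirroring those IoCs and attributes each behaviour to the process that produced it. The record schema (kind, pid, image, parent, key, host, path, token) and the scoring weights are assumptions made for the example.

```python
"""Replay sandbox-style behaviour events and flag the patterns the report above
attributes to this sample.  Added example, not part of the sandbox report or of
any sandbox's API: the event records are constructed to mirror the report's
IoCs, and the record schema (kind, pid, image, parent, key, host, path, token)
is an assumed simplification of what a real sandbox or EDR would export."""
import re
from collections import defaultdict

SID = r"\REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000"
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\2025-04-18_c82c31b7819148e9da1e19290c6e3aaa_black-basta_elex_luca-stealer.exe")
PAYLOAD = r"C:\Users\Admin\AppData\Local\Temp\RarSFX0\Silver bullet.exe"

# Constructed event stream in process order (one dict per observed action).
EVENTS = [
    {"kind": "process", "pid": 4992, "image": SAMPLE, "parent": None},
    {"kind": "registry", "pid": 4992, "key": SID + r"\Control Panel\International\Geo\Nation"},
    {"kind": "process", "pid": 1620, "image": PAYLOAD, "parent": 4992},
    {"kind": "registry", "pid": 1620, "key": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"},
    {"kind": "registry", "pid": 1620,
     "key": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier"},
    {"kind": "registry", "pid": 1620,
     "key": SID + r"\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"},
    {"kind": "dns", "pid": 1620, "host": "api.ipify.org"},
    {"kind": "dns", "pid": 1620, "host": "ip-api.com"},
    {"kind": "file_create", "pid": 1620,
     "path": r"C:\Users\Admin\AppData\Roaming\JZJZFYBX\FileGrabber\Desktop\desktop.ini"},
    {"kind": "privilege", "pid": 1620, "token": "SeDebugPrivilege"},
]

# Hosts the report shows being resolved for external-IP / geolocation lookup.
IP_LOOKUP_HOSTS = {"freegeoip.app", "api.ipify.org", "ip-api.com"}
# MAPI profile section holding Outlook account settings (taken from the report's IoCs).
OUTLOOK_ACCOUNT_SECTION = "9375cff0413111d3b88a00104b2a6676"

# (signature name, event kind it applies to, predicate over the event).
RULES = [
    ("Checks computer location settings", "registry",
     lambda e: e["key"].lower().endswith(r"\control panel\international\geo\nation")),
    ("System Location Discovery: System Language Discovery", "registry",
     lambda e: e["key"].lower().endswith(r"\control\nls\language")),
    ("Checks processor information in registry", "registry",
     lambda e: "\\hardware\\description\\system\\centralprocessor\\" in e["key"].lower()),
    ("Accesses Microsoft Outlook profiles", "registry",
     lambda e: e["key"].lower().endswith("\\outlook\\" + OUTLOOK_ACCOUNT_SECTION)),
    ("Looks up external IP address via web service", "dns",
     lambda e: e["host"].lower() in IP_LOOKUP_HOSTS),
    ("Stages user files under a FileGrabber directory", "file_create",
     lambda e: re.search(r"\\appdata\\roaming\\[^\\]+\\filegrabber\\", e["path"].lower()) is not None),
    ("Executes dropped EXE from a RarSFX temp directory", "process",
     lambda e: e["parent"] is not None and r"\temp\rarsfx" in e["image"].lower()),
    ("Suspicious use of AdjustPrivilegeToken", "privilege",
     lambda e: e["token"] == "SeDebugPrivilege"),
]


def triage(events):
    """Return {pid: {"image": str|None, "parent": int|None, "hits": [names]}}.
    Each signature is recorded once per process, in first-seen order."""
    procs = defaultdict(lambda: {"image": None, "parent": None, "hits": []})
    for e in events:
        rec = procs[e["pid"]]
        if e["kind"] == "process":
            rec["image"], rec["parent"] = e["image"], e["parent"]
        for name, kind, pred in RULES:
            if e["kind"] == kind and pred(e) and name not in rec["hits"]:
                rec["hits"].append(name)
    return dict(procs)


# Assumed weighting for the example, not a sandbox score: collection and
# exfil-preparation behaviours count double against discovery / evasion checks.
HEAVY = {"Accesses Microsoft Outlook profiles",
         "Stages user files under a FileGrabber directory",
         "Looks up external IP address via web service"}


def infostealer_score(hits):
    return sum(2 if h in HEAVY else 1 for h in hits)


if __name__ == "__main__":
    for pid, rec in triage(EVENTS).items():
        print(f"PID {pid} (parent {rec['parent']}): {rec['image']}")
        print(f"  score {infostealer_score(rec['hits'])}")
        for h in rec["hits"]:
            print("   -", h)
```

Run as written, the wrapper (PID 4992) collects only the Geo\Nation check, while the RarSFX0 child (PID 1620) collects the remaining seven behaviours, which is the same split the report's process tree shows. Matching on key suffixes and on the profile-section GUID rather than on the full path keeps the rules independent of the user SID and Office version, so the same rules fire on the 15.0 and Windows Messaging Subsystem variants listed above.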
Network
MITRE ATT&CK Enterprise v16
Credential Access
  Credentials from Password Stores (T1555): 1
    Credentials from Web Browsers (T1555.003): 1
  Unsecured Credentials (T1552): 2
    Credentials In Files (T1552.001): 2
Downloads
Files available from the analysis, listed by hash only (this page carries no file names for them).

Filesize: 320KB
MD5: d970075839354b506a8b43a64b98fd1b
SHA1: d4a2477547fab0f77931d27a3a5cc6fbf636413f
SHA256: 7879fab30a835c0cb17809240c2a9ae2eedda668b6049fd43c2952760ad4637d
SHA512: c687e42bec8fa32c78d266ffb1919261b4bc3cba1691464b95eca9e879f6001aea662829f49d01fd3d3e438ccc2287257fdad1af5ab3221df82bfc617dbfa5e7

Filesize: 691KB
MD5: 79eb9e457d338a60159ee41886b58054
SHA1: 942ddca3bfd9a4b1055607a3c1718ff2b1c107cf
SHA256: b96cf03a846800950773a1e18a8dc79c520b1db37a379b9dc915cd1df930f922
SHA512: 7afc81ae8eeb8eb404a3d047ee6551ff66a747bbe0efe7f82583082b442f95e28d63a53bad243b3fe86a3a95ef93ff28b9a209f3f067dbcf77c1f3c9f5c32f4a

Filesize: 555KB
MD5: 3d962b55d85a28b6834fca8863ea0e38
SHA1: 3385693825d5d88016d2e8cb561162cd6728d467
SHA256: 97d27ffcd967126f087b0b663f7e01025b5238163dc8ab9fc30199608c26ffc8
SHA512: fe01f50226767664ca71a59dd68bc9d5d06c2bf5c713b6b34ebeefed95824850e66a92a7366ba36f16d6043541e8b9159058aa272ca35180a036e23fdeaacc80

Filesize: 2.0MB
MD5: 61df5e41e76e43f17302fd3300159100
SHA1: d858fc53ded2805d5c7b64624847a4dd9cb37560
SHA256: 29173b0eb9335fba6118b79886def45133dbd5e9ab0cece3e2ea1e966b062753
SHA512: 55975d9961e255511defaeafef54727d3b83016e03375fcc5d872705c0fd401ffe741c30443c1a908776ec22f937840138283dcdb83902245ae9d3d80a7f55a6

Filesize: 488KB
MD5: 5dc3889ae142e4b6dc9289152d33add3
SHA1: 689638b5b61ecce23657e2f2a4be5e5298f35f51
SHA256: 554688ab216daed65570e74c42e9a5913a431d8648547d7d46454cbc98bf2f0a
SHA512: 5c1967d7a544bc0819c52dccf2c1ed0587212f72d4769c780dbb1283a1777ec3c9713833a4c3ff137577ad1c416f875d2a7167c8276f46d0e17054d8f581ee32

Filesize: 608KB
MD5: 1a06075d80dc7ec0e062e9acf27539df
SHA1: f192b128e63dd5d541f52171fcca06383690f8ff
SHA256: b8cd7b68a6aae86eb105d42e6266b17d0f761016b8325b01c2b186eae181b45c
SHA512: 4ade5386189bc3a4bff58d3e9ec85da6083661bd3e0767070b24e6a4708b74e4755485b0015c509c3c4415b248f39387b5f286d68b1fbd70ae1ce4564de1dd03

Filesize: 260KB
MD5: a06d5d47929fc823029e2ca146d7160e
SHA1: 574e0b0484b7a9342e36453774dfa0ab06465a61
SHA256: de82816d45bf83d3d56ef1e262e28dc31e288db0f48c739fe777908de6b69be0
SHA512: 089b53fed31933ca050073fd7f2e04cc9809d42233cd821dc0ba17c2575b67e81ff735148f9055d7abd381cd422a887f2d15c54316c4eeea8cc9fe968e84478a

Filesize: 222KB
MD5: 1870df1bbf826cfd2e4a6830eb344189
SHA1: 33beb91faeeec6cd2af6409c21e0477620b30370
SHA256: f79124c771a71431bbe9db45ef1b40ef46dc46621e78a60706247b0c77199d59
SHA512: 045c2a8e8c775a4af1a00fcab5664ff9009b8b7a2d6fc06ceb88096f98295c8af4fb90b08b1177aaa61fbd37ea4858dd49461e118d1ead711fb16ed0873aa1a0

Filesize: 266KB
MD5: 1805f07a96ddc2a0636d11ccff574506
SHA1: e633a63bff06de2f7eb0b380158a5167612d18d4
SHA256: dd3100ec3be1b2ab2eae1e31424cc0150f9f0c111662435139c98c1c4dbbc504
SHA512: 4a37830d7a54e022a6168026812876210f3f4a5a770ee898f2dfd8aaa2d83c8d8c92047e0191f34acc8922aeae658de6fdfd31af2b7ae47879fdfe2d64b97377

Filesize: 355KB
MD5: 5078f77c6ef6568e01e833a096cd2ebe
SHA1: b6d42182a27497dff5128a41618f184201a9f40d
SHA256: 9e8fbc2dd788e59ce9345d307a060611d4dd03c5234d4ed606dfc73d19490a76
SHA512: 4609eb51af644bc14d595141033ca5673aefca42a983b9bc3411b90185be3364e6c7d5c8a5ff4d9a546fdf61a84afe37a82d21b68f3dad0ae02a042a472db625

Filesize: 251KB
MD5: f389c577eff6bfffed5da7a3d666089c
SHA1: cae3f6ecf2812c61d8aad6b6a77a96dfe8d6a1f3
SHA256: 7b19778d4e204074f9242bb3872abac81bd293f6035e4c0cae0d0ade9600cf76
SHA512: cfa28b0a66409b6e4a348b7f4ab8815d8f1fd4c8a46f113d9e5ac10618620f067f8e9586666dd598576c66789c81b84e421963d288c9512369454146a62f5c52

Filesize: 636KB
MD5: e62be18ee2c50eff53570a89f2ca5668
SHA1: a3e4db0a9d2e88fd84e4cbf9e5fa5e7437c9741d
SHA256: b613324a783736b4464e6da54855eb39e86c4a86fad9a890781b1118a4cb3a8c
SHA512: bce6bda5718cc028576f50a70891072f416c2ad6b06d1dbe98a281f1e6ac3600825286a41519bb0ec02d5a8f421afe37888952748b187814f1fc2f24438a5971

Filesize: 4KB
MD5: 98bad58738f7a9c0f02996f9955b9398
SHA1: b2b7a39d7b919b52cca1a5611aacaf4abf732717
SHA256: 109e7da1b72e5e224afebdc7498631845e8db2b7f8c682c65f4e989946fb60da
SHA512: f4dc1a22c15de1c1c5457a2999269031067819d78af40b07b190996fe83b5362f66f3334a6858a79e2377bf7d8e8ddf403aab3e25bc852891dac553205e48737