Analysis
max time kernel: 103s
max time network: 105s
platform: windows11-21h2_x64
resource: win11-20250410-en
resource tags: arch:x64 arch:x86 image:win11-20250410-en locale:en-us os:windows11-21h2-x64 system
submitted: 18/04/2025, 02:40
Static task: static1

Behavioral task: behavioral1
  Sample: 2025-04-18_c82c31b7819148e9da1e19290c6e3aaa_black-basta_elex_luca-stealer.exe
  Resource: win10v2004-20250410-en

Behavioral task: behavioral2
  Sample: 2025-04-18_c82c31b7819148e9da1e19290c6e3aaa_black-basta_elex_luca-stealer.exe
  Resource: win11-20250410-en
General
Target: 2025-04-18_c82c31b7819148e9da1e19290c6e3aaa_black-basta_elex_luca-stealer.exe
Size: 368KB
MD5: c82c31b7819148e9da1e19290c6e3aaa
SHA1: 85b083cc9825782bd75029513e97f0d741c52316
SHA256: 1052190feea6f77f7d3bd556aceaffa1ffc1a60c5f4fb047f1660fac9a065cf4
SHA512: 25277bf0474020ee457a379e2fb7087b9699bfc4990db2e0c2ca99b0a02338f862ee4fbab593632e24f3c1d57465344d9a14032d3c5157656d6f267f420beb61
SSDEEP: 6144:bsCwu+mWhJifvtNP/7YXSLB80PYjKxohR3phzaqzwtLexBopl1nMewBT:QxmIJQvPkit+asR3phzyGopl1N2T
Malware Config
Signatures

StormKitty
StormKitty is an open source info stealer written in C#.

StormKitty payload (2 IoCs)
resource                                                                       yara_rule
behavioral2/files/0x004b00000002ae9a-4.dat                                     family_stormkitty
behavioral2/memory/4796-13-0x0000000000D50000-0x0000000000DA6000-memory.dmp    family_stormkitty

Stormkitty family

Executes dropped EXE (1 IoC)
pid     Process
4796    Silver bullet.exe
Reads user/profile data of web browsers (3 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Accesses Microsoft Outlook profiles (1 TTP, 3 IoCs)
description    ioc                                                                                                                                                                              Process
Key opened     \REGISTRY\USER\S-1-5-21-1492919288-2219487354-2015056034-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676                             Silver bullet.exe
Key opened     \REGISTRY\USER\S-1-5-21-1492919288-2219487354-2015056034-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676    Silver bullet.exe
Key opened     \REGISTRY\USER\S-1-5-21-1492919288-2219487354-2015056034-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676                             Silver bullet.exe

Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)

Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Drops desktop.ini file(s) (6 IoCs)
description     ioc                                                                                        Process
File created    C:\Users\Admin\AppData\Roaming\LXCISCYC\FileGrabber\Downloads\desktop.ini                  Silver bullet.exe
File created    C:\Users\Admin\AppData\Roaming\LXCISCYC\FileGrabber\Pictures\desktop.ini                   Silver bullet.exe
File created    C:\Users\Admin\AppData\Roaming\LXCISCYC\FileGrabber\Pictures\Saved Pictures\desktop.ini    Silver bullet.exe
File created    C:\Users\Admin\AppData\Roaming\LXCISCYC\FileGrabber\Pictures\Camera Roll\desktop.ini       Silver bullet.exe
File created    C:\Users\Admin\AppData\Roaming\LXCISCYC\FileGrabber\Desktop\desktop.ini                    Silver bullet.exe
File created    C:\Users\Admin\AppData\Roaming\LXCISCYC\FileGrabber\Documents\desktop.ini                  Silver bullet.exe
Looks up external IP address via web service (5 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
flow    ioc
4       freegeoip.app
10      api.ipify.org
18      api.ipify.org
1       freegeoip.app
1       ip-api.com

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description    ioc                                                       Process
Key opened     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language    2025-04-18_c82c31b7819148e9da1e19290c6e3aaa_black-basta_elex_luca-stealer.exe
Key opened     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language    Silver bullet.exe
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
description          ioc                                                                          Process
Key opened           \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0             Silver bullet.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier  Silver bullet.exe

Suspicious behavior: EnumeratesProcesses (22 IoCs)
pid     Process
4796    Silver bullet.exe    (22 identical events)

Suspicious use of AdjustPrivilegeToken (1 IoC)
description                 pid     Process
Token: SeDebugPrivilege     4796    Silver bullet.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                            pid     Process                                                                                procid_target
PID 4448 wrote to memory of 4796       4448    2025-04-18_c82c31b7819148e9da1e19290c6e3aaa_black-basta_elex_luca-stealer.exe         82    (3 identical events)

outlook_office_path (1 IoC)
description    ioc                                                                                                                                       Process
Key opened     \REGISTRY\USER\S-1-5-21-1492919288-2219487354-2015056034-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676    Silver bullet.exe

outlook_win_path (1 IoC)
description    ioc                                                                                                                                                                       Process
Key opened     \REGISTRY\USER\S-1-5-21-1492919288-2219487354-2015056034-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676    Silver bullet.exe
Processes

C:\Users\Admin\AppData\Local\Temp\2025-04-18_c82c31b7819148e9da1e19290c6e3aaa_black-basta_elex_luca-stealer.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2025-04-18_c82c31b7819148e9da1e19290c6e3aaa_black-basta_elex_luca-stealer.exe"
  PID: 4448
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\RarSFX0\Silver bullet.exe  (child of PID 4448)
    Command line: "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Silver bullet.exe"
    PID: 4796
    - Executes dropped EXE
    - Accesses Microsoft Outlook profiles
    - Drops desktop.ini file(s)
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - outlook_office_path
    - outlook_win_path
Network
MITRE ATT&CK Enterprise v16
Credential Access
  Credentials from Password Stores (1): Credentials from Web Browsers (1)
  Unsecured Credentials (2): Credentials In Files (2)
Downloads

Filesize: 320KB
MD5: d970075839354b506a8b43a64b98fd1b
SHA1: d4a2477547fab0f77931d27a3a5cc6fbf636413f
SHA256: 7879fab30a835c0cb17809240c2a9ae2eedda668b6049fd43c2952760ad4637d
SHA512: c687e42bec8fa32c78d266ffb1919261b4bc3cba1691464b95eca9e879f6001aea662829f49d01fd3d3e438ccc2287257fdad1af5ab3221df82bfc617dbfa5e7

Filesize: 454KB
MD5: 169359ed57480cc8e08a615e6d7d8586
SHA1: bca0dd80e9abaa29e0c1af22513c073b20e6c50a
SHA256: dba3981fe8e8b2077ec374042010056192184275a0f9442759a8a72acf0d561b
SHA512: b9415f027b64c528b5ad3b5e4c57615010d0e1662ea0edb701f8c083bfeca86ef0d849f6e96aaf85e38f24b5c00a411650a010cf86ade8466e4f4c74871cf6c7

Filesize: 300KB
MD5: 20c0d8c1f5c18171a6302f8ba83b4ece
SHA1: 178c508046ff2c7cf278a05dbda971b7a72e72c5
SHA256: 9059bb81e1d499fad668f7a53f105af2d6707e85f03caf2ed3254edd87de8d32
SHA512: 9443e120db3d683d9d6515d39b87c9a24528399a025ca66ade136579ef62b020117ce195ca7696d447b366d29146abe0086d7d3c7d8a0d7261a956a8509fcd59

Filesize: 358KB
MD5: 8dfcbb23263d0750e785aa0fedf99161
SHA1: 87163d71003d46f1bce243c5e02279b28dea4660
SHA256: f0500d8087b1fa741213e79933fbb4cfcea3ccb8fa7b5ec85e6dec62a9a7f417
SHA512: c2eeaa7ea3a3814f249fa33935bab089127b56ca47b308621e288dd5e257b45db782c8713e4a69ac5210584c1e6cfcfda17c99c12a57a219c7c3cf9dc3eab508

Filesize: 727KB
MD5: 7b8178bcf55aff1e879a2bcd41d22fc5
SHA1: 1b84a7229cfe557ef6aade748ba27bcc27925d94
SHA256: e0085a221a5ba3d610cc1240a5c7c11f0362e58c39ce94c69ecc25f13189b869
SHA512: cdd079cb61e4c12083852b54605a85082067b404572c42fc6a6d4b9f50ad95ffd6c605b09ee8b05cdd48df74f37314ada1f763e94c0abfb7dbc6e68d2c820306

Filesize: 1.5MB
MD5: 1fb7e7758cdd28b399e470118e226eb6
SHA1: 617d69aba826d8410f8fa6cbd3eaf7d9a32fb1d8
SHA256: adcc8eee3ac06e8a6a10456be0e8e7ef23f7281ce712e07952b71eb430bf0700
SHA512: 4f55f127ab631d13c86cf23bfa7b8db6c590e6cd93161e8021d6688721f3e39184a97c54efcb83e6a5d6d0c17cf735806ca069ce6317e58e08ded42ef188bb67

Filesize: 434KB
MD5: a12c53feabc98e62809bc2e270b86f4b
SHA1: 60352c23a1df22402c16415b274115a377ca57f0
SHA256: a51c4d03bd7fd10b25c7fc0d2ae134a213a5d829c2478176ae1302b58f3a7298
SHA512: 23d0c6d337959b8e11747405ebb46ece953c0754622a677575b3c68c38b7dc53d0f66ce124de6d4b919392e9a7d28ac230dba5c14c235c76efd63c279cdc62e5

Filesize: 457KB
MD5: eabbcd73982bb1f8d3db371ea5f03142
SHA1: f54e5048808ca6e92e8cb144ff603657d92e824f
SHA256: f4ef80f5c8be5791be5f0c3cfe1f3ebd3cd468fd4d7796add8e273edf3c3dba4
SHA512: dd951ffc05bc2a56c00b54547364c2a2ee9c2f54d6fcf6b436a0c745c9f8899d33fe57873b447116ce26c8297206fb18f98917f4407cb6d07f398dca7dd6225a

Filesize: 332KB
MD5: 6999021d9dc189c278b30529ebc043a1
SHA1: d55ba7d4b56a03f2dac1bbae0ccbf1cc0270ebdc
SHA256: e86f39f2e5359d644dd264604409a805fd28dcce6c50dc8e22bf50519717f59a
SHA512: 977c989dfafff6e388ce5a390ad21afb6a6ef9bb5c8a9a7c53a7bd6c9080733aab3ea930036ff428acb1c714276917bfd0d98d9094102553bb04758853289a5e

Filesize: 358KB
MD5: 5beb14607fbd3ad810351290a3d8f3af
SHA1: d0525a381349ed2be2f5e8998e9c4af3d1812d6e
SHA256: f820b68f6b685781704e23697a18619f57d4cb836a4c3bbcf9d6ab32947a797a
SHA512: b944459fbbc42d939d73d61bae69967e676657b49e6e45639c1d2117db1ac0e37e7a22a1c80475ffe275ab1856891d344d6e70e0e5c4b74becee645b371ef3a8

Filesize: 788KB
MD5: 68ab40ef02e498043a98571f8603c344
SHA1: a1b459123ac8196d456eea1c0ca2d9fb9e51ab91
SHA256: e89063b7a4e35213a28804b7c95df625f6a5498478f3b5314512d29cfb8d4bf0
SHA512: 5faaaf9565f60a3503a79e97ed9e7230c3b12337b6079177e4af65ca087ab9b693f8f4f1415093725e4bc6ed927980593a9075740e709801a433955f247ef657

Filesize: 4KB
MD5: 33e3cdb3bade3cbfab7021872c16103a
SHA1: f2ad4774afcda2be86500053566a05a2bd19dab0
SHA256: a6a6ab0ccdb59022d340ff6d7eb3a03f512c694e7e0a9aa23d1d1927cda006ca
SHA512: 7ad1678a268392b727876df55964c6d43b4da9ecc248db2f402883468b53001a6b96fafb9c8997d90bd79a9d7fdef131dd7b3c07d07264d8a626257978d89410