Behavioral task: behavioral1
Sample: 2025-04-19_74745a68d5842de1a425f2d4b4c633df_black-basta_elex.exe
Resource: win10v2004-20250314-en
Behavioral task: behavioral2
Sample: 2025-04-19_74745a68d5842de1a425f2d4b4c633df_black-basta_elex.exe
Resource: win11-20250410-en
General
- Target: 2025-04-19_74745a68d5842de1a425f2d4b4c633df_black-basta_elex
- Size: 20.4MB
- MD5: 74745a68d5842de1a425f2d4b4c633df
- SHA1: 18d75f80637cd7e1e68d4195b58e0f9232454cb4
- SHA256: aa4e772b706e39b6675bda9d19f7fdf6218c96c3a52552eb7db79987552b756b
- SHA512: cb20221b72366b389f2acd363447560b99637c02eb3ed2368a57a68518519389df621a9418a690d4049143fc8010fa3508c753b9e49394acf31b879411165279
- SSDEEP: 393216:gfZaKBsRvKt+2JtWNhqKVp1+TtIiF5/QwCPs2Qp7MePjGY6A4YP:IaKc2JtEhqKVp1QtIO/QwWQxPjnP
Malware Config
Signatures
- Mercurialgrabber family
- Detects Pyinstaller (1 IoCs)
  resource | yara_rule
  sample | pyinstaller
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource
  2025-04-19_74745a68d5842de1a425f2d4b4c633df_black-basta_elex
Files
-
2025-04-19_74745a68d5842de1a425f2d4b4c633df_black-basta_elex.exe windows:4 windows x86 arch:x86
009023b6b22e202aa54365d2270f6f95
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
FreeResource
CloseHandle
WriteFile
CreateFileA
MoveFileExA
GetTempFileNameA
GetTempPathA
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
GetStartupInfoA
shell32
ShellExecuteA
msvcrt
sprintf
_exit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
Sections
.text Size: 4KB - Virtual size: 796B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 822B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 76B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20.3MB - Virtual size: 20.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
main.pyc