General

  • Target

    2025-05-02_2d5986d8af76236399697645857c0e84_black-basta_elex_hijackloader_luca-stealer

  • Size

    9.4MB

  • Sample

    250502-e5c2wahj81

  • MD5

    2d5986d8af76236399697645857c0e84

  • SHA1

    9917d4db440b11ba46a803642b60951bd47d13d8

  • SHA256

    9694b9313d9b993830c0c1c92226e4c8518fe187f8eeb7991c05dc3183d0bef4

  • SHA512

    3e0630fe8be17439cba66957d4d999c98f49dbdb7d688be4501733a4f1cb4a3bed6babae08181d171575375b9cde995dae207ce609807145c3e82127d2c375f1

  • SSDEEP

    98304:qGyqWyWy0GyqWyWyMRPC1eHL5dGYSEYvZ:P1eHL5dEvZ

Malware Config

Targets

    • Target

      2025-05-02_2d5986d8af76236399697645857c0e84_black-basta_elex_hijackloader_luca-stealer

    • Size

      9.4MB

    • MD5

      2d5986d8af76236399697645857c0e84

    • SHA1

      9917d4db440b11ba46a803642b60951bd47d13d8

    • SHA256

      9694b9313d9b993830c0c1c92226e4c8518fe187f8eeb7991c05dc3183d0bef4

    • SHA512

      3e0630fe8be17439cba66957d4d999c98f49dbdb7d688be4501733a4f1cb4a3bed6babae08181d171575375b9cde995dae207ce609807145c3e82127d2c375f1

    • SSDEEP

      98304:qGyqWyWy0GyqWyWyMRPC1eHL5dGYSEYvZ:P1eHL5dEvZ

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Disables RegEdit via registry modification

    • Disables use of System Restore points

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
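The signatures above name the registry keys and file locations this sample touches. The script below is an added host-triage example written for this page; it is not part of the sandbox report and not code from any of the families named in the target. It assumes an elevated PowerShell 5.1 or later session on the affected Windows host, that stock Windows defaults are the baseline (a hardened build may legitimately differ), that the hypothetical `Get-RegValue` helper defined inline is the only non-built-in command, and a seven-day window for "recent" driver-directory writes that should be adjusted to the incident timeline.

```powershell
# Added host-triage script (not from the Triage report or any malware family named above).
# Reads the registry and file-system locations behind each behaviour signature and reports
# deviations from stock Windows defaults. Assumptions: run as Administrator; defaults are the
# baseline; the 7-day driver window is a placeholder to adjust per incident.

$findings = New-Object System.Collections.Generic.List[string]
$info     = New-Object System.Collections.Generic.List[string]

# Hypothetical helper: return a registry value or $null if the key/value is absent.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

# 1. Winlogon persistence: Shell and Userinit are the values abused to launch a dropped binary at logon.
$wl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell    = Get-RegValue $wl 'Shell'
$userinit = Get-RegValue $wl 'Userinit'
$defaultUserinit = "$env:SystemRoot\system32\userinit.exe"
if ($shell -and $shell -ne 'explorer.exe') { $findings.Add("Winlogon\Shell modified: $shell") }
if ($userinit -and $userinit.TrimEnd(',') -ne $defaultUserinit) { $findings.Add("Winlogon\Userinit modified: $userinit") }

# 2. Explorer view settings. The sample forces values that hide extensions and hidden/system files;
#    those happen to be the Windows defaults, so report them for comparison with the user's known
#    preference rather than treating them as proof of tampering on their own.
$adv  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$view = foreach ($n in 'HideFileExt','Hidden','ShowSuperHidden') { "$n=$(Get-RegValue $adv $n)" }
$info.Add("Explorer view: $($view -join ', ') (defaults: HideFileExt=1, Hidden=2, ShowSuperHidden=0)")

# 3. Policy lockouts: Registry Editor disabled, System Restore disabled.
$drt = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' 'DisableRegistryTools'
if ($drt -and $drt -ge 1) { $findings.Add("Regedit disabled (DisableRegistryTools=$drt)") }
$sr = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
foreach ($v in 'DisableSR','DisableConfig') {
    if ((Get-RegValue $sr $v) -eq 1) { $findings.Add("System Restore disabled via policy $v=1") }
}

# 4. IFEO injection: a Debugger value under an executable's IFEO key runs that "debugger" in its place.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = Get-RegValue $_.PSPath 'Debugger'
    if ($dbg) { $findings.Add("IFEO Debugger for $($_.PSChildName): $dbg") }
}

# 5. Run keys: list autostart entries whose target lives outside Program Files / Windows.
$psProps = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'
foreach ($run in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $props.PSObject.Properties | Where-Object { $_.Name -notin $psProps } | ForEach-Object {
        if ("$($_.Value)" -notmatch '^"?C:\\(Program Files|Windows)') {
            $findings.Add("Run entry '$($_.Name)' -> $($_.Value)")
        }
    }
}

# 6. UAC state: the sample checks this; EnableLUA=0 means elevation prompts are off entirely.
if ((Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA') -eq 0) {
    $findings.Add('UAC disabled (EnableLUA=0)')
}

# 7. autorun.inf / desktop.ini at volume roots (the spread-via-attached-volumes signatures),
#    plus the AutoRun policy; 0xFF disables AutoRun for every drive type.
Get-PSDrive -PSProvider FileSystem | ForEach-Object {
    foreach ($f in 'autorun.inf','desktop.ini') {
        $p = Join-Path $_.Root $f
        if (Test-Path -LiteralPath $p) { $findings.Add("$f present at $p") }
    }
}
$ndt = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'
if ($ndt -ne 255) { $info.Add("NoDriveTypeAutoRun (HKLM) is '$ndt'; 0xFF disables AutoRun on all drive types") }

# 8. Wallpaper replaced: ransom imagery is usually dropped outside the Windows and user theme folders.
$wp = Get-RegValue 'HKCU:\Control Panel\Desktop' 'Wallpaper'
if ($wp -and $wp -notmatch '\\Windows\\|\\Themes\\') { $findings.Add("Wallpaper points to $wp") }

# 9. Recently written files in System32\drivers (the "Drops file in Drivers directory" signature).
$cutoff = (Get-Date).AddDays(-7)   # assumption: adjust to the incident window
Get-ChildItem "$env:SystemRoot\System32\drivers" -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $cutoff } |
    ForEach-Object { $findings.Add("Recent file in drivers dir: $($_.FullName) ($($_.LastWriteTime))") }

$info     | ForEach-Object { "[i] $_" }
if ($findings.Count -eq 0) { 'No deviations found for the checked indicators.' }
else { $findings | ForEach-Object { "[!] $_" } }
```

Every check reads a value and compares it to a baseline rather than keying on the sample's hashes, so the same script covers re-packed builds of the loader that share the persistence routine. Treat the `[i]` lines as context for an analyst, not detections: the Explorer view values in particular are set identically by a clean default install and by this sample.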

MITRE ATT&CK Enterprise v16

Tasks