General

  • Target

    2025-05-02_957507ca6cba705e18c3df37b2001d40_black-basta_elex_luca-stealer

  • Size

    9.1MB

  • Sample

    250502-ncejnsbp7x

  • MD5

    957507ca6cba705e18c3df37b2001d40

  • SHA1

    59d37034739a6b2d6190770f33f30734a7951d4e

  • SHA256

    e214c23081b9879644dd232de51270fd0fa2e2a94e6e1577b5c9edcdfdb543ed

  • SHA512

    f8831a01afbe8547d28e72194c8b15c16b1f866429e096da3e89056a4557c75155d7aab1e303ebb4d0fee493464c66a693cdaebfd47a96ad1c0fd580fb76eff1

  • SSDEEP

    49152:XGyqWyWy0GyqWyWyMRPC1eHc785diLvQ8b1gt/Ido:XGyqWyWy0GyqWyWyMRPC1eHL5dGYSEYo

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Disables RegEdit via registry modification

    • Disables use of System Restore points

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v16

Tasks