General

  • Target

    2025-05-03_f62beabfbf933f98ab3c823d8214d0c8_black-basta_elex_hijackloader_luca-stealer

  • Size

    9.4MB

  • Sample

    250503-h1tevazthz

  • MD5

    f62beabfbf933f98ab3c823d8214d0c8

  • SHA1

    8b4714d15e2fb4a8daa6737cb6eecca20cac22d9

  • SHA256

    5d9868aa05a250a9db67003220c97ccc9f6c3c49d9f54632beebe8d6e6b7667c

  • SHA512

    bc7d0dff3f4493d5dc27c0894afef46ab659e103f68cc6b2483e49faf5626ad69de594a47fdb25cc4aecec7430070b4cdb893379a8faf7324a099f54bc97365b

  • SSDEEP

    98304:qGyqWyWy0GyqWyWyMRPC1eHL5dGYSEYvY:P1eHL5dEvY

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Disables RegEdit via registry modification

    • Disables use of System Restore points

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v16

Tasks