General

  • Target

    2025-05-03_209886ae12979be61b30fd6c4faa291c_black-basta_elex_hijackloader_luca-stealer

  • Size

    9.4MB

  • Sample

    250503-txx5eafn8t

  • MD5

    209886ae12979be61b30fd6c4faa291c

  • SHA1

    906b97057418c71a00d6828067db5904feda567c

  • SHA256

    98cc227fa32ff45b8a9d7aa351739f481cdc25c5d11b4e3f022a7591376440d8

  • SHA512

    a5716fffe04c62a602c197e0c60b7f852a027a852e05925e67851b629460abb6930f680480a98908687a4b23a9eef99da0a8f5a94bc39848c4e649aab70109b3

  • SSDEEP

    98304:+GyqWyWy0GyqWyWyMRPC1eHL5dGYSEYv+:D1eHL5dEv+

Malware Config

Targets

    • Target

      2025-05-03_209886ae12979be61b30fd6c4faa291c_black-basta_elex_hijackloader_luca-stealer

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Disables RegEdit via registry modification

    • Disables use of System Restore points

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v16