General

  • Target

    2025-05-03_873e852b12cc2f4e1598d49f90540300_black-basta_elex_hijackloader_luca-stealer

  • Size

    9.4MB

  • Sample

    250503-vn8efsgn6s

  • MD5

    873e852b12cc2f4e1598d49f90540300

  • SHA1

    54d037c4f705675306db3d649afb1f936bf3ca68

  • SHA256

    aeeb9cc2facf7efe535f6b11a5986117f0020e5b3c8136a897e2b2ec2e766f93

  • SHA512

    2271b346718034c991d2fb61fa827ec4428c41170521db36956c88ca33574a2e88d3c167f03f20434abb69a03210f6239360a73346a5cf4ba9aeec9003005cea

  • SSDEEP

    98304:rGyqWyWy0GyqWyWyMRPC1eHL5dGYSEYve:k1eHL5dEve

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Disables RegEdit via registry modification

    • Disables use of System Restore points

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v16

Tasks