General
Target: 2025-05-14_85e414fdd2e447e03d4f3c724d1b29b8_amadey_avoslocker_black-basta_cobalt-strike_elex_luca-stealer_qakbot
Size: 273KB
Sample: 250514-bmdznstvas
MD5: 85e414fdd2e447e03d4f3c724d1b29b8
SHA1: db980ed136f642dc1d8e9b3926eeb6bff805616d
SHA256: 954f5e5d737d2af5ee509c5661dbb95819261eb90d7131f1fde9c3c798bb5d5d
SHA512: bd910673ab6e22e6299df98385ef658f88ac18fd9c9582ed87f5d0ba1fa1e65201ec973ef0a9d933f2ceb7fbd9a2eb56b9a83f909b1f0d54f167b564fce132a7
SSDEEP: 6144:ebhnot4+sbOAtbkfHLDiT6OzR8Q0l+/NyqRKbhoXqqD8Xck8B:elnot4+UwLDiT6OzR8llAgqbB
Behavioral task: behavioral1
Sample: 2025-05-14_85e414fdd2e447e03d4f3c724d1b29b8_amadey_avoslocker_black-basta_cobalt-strike_elex_luca-stealer_qakbot.exe
Resource: win10v2004-20250502-en
Malware Config
Extracted
Family: netwire
C2: blockchainsync.dynns.com:5002
activex_autorun: false
activex_key: {P53X5308-AC7D-A2X0-Q2GT-70K67S7URI1O}
copy_executable: false
delete_original: false
host_id: FULLR-%Rand%
install_path: %AppData%\Install\Host.exe
lock_executable: false
mutex: PvvshbTL
offline_keylogger: false
password: joker9
registry_autorun: false
use_mutex: false
Targets
NetWire RAT payload
Netwire family
Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v16
Persistence
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)