General

  • Target

    2025-05-16_05a3c2b292c5e8916a60de40f2f53b0f_amadey_black-basta_coinminer_darkgate_elex_gcleaner_luca-stealer

  • Size

    5.7MB

  • Sample

    250516-aw2lnabn8s

  • MD5

    05a3c2b292c5e8916a60de40f2f53b0f

  • SHA1

    77dfae9c8f8b012243ea6eae47ea9ad2c411345f

  • SHA256

    23b03c6edecb4b659eaab860f1d53c250f749ba57ddd7ce0c55f22c844830a73

  • SHA512

    5787e7eac1e090ca2d21069ea57fac8f005b1648b1cc366a8702e67926c657a1b7684183d11d289e55827fb798d8643d55d6ed4d393fb798ae7a9cc51b04fe15

  • SSDEEP

    49152:KmlI9H9rY654KYroYJqkhWFUBlNwnFq3kXRsPI6BRY20YZAliDgFL2YmXZjU2P3q:XiH9MfT3NwMkKhBRr0yAk6qkKvs

Malware Config

Targets

    • Renames multiple (256) files with added filename extension

      This suggests ransomware activity: encrypting all of the files on the system.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v16

Tasks