General
-
Target
2025-05-16_05a3c2b292c5e8916a60de40f2f53b0f_amadey_black-basta_coinminer_darkgate_elex_gcleaner_luca-stealer
-
Size
5.7MB
-
Sample
250516-aw2lnabn8s
-
MD5
05a3c2b292c5e8916a60de40f2f53b0f
-
SHA1
77dfae9c8f8b012243ea6eae47ea9ad2c411345f
-
SHA256
23b03c6edecb4b659eaab860f1d53c250f749ba57ddd7ce0c55f22c844830a73
-
SHA512
5787e7eac1e090ca2d21069ea57fac8f005b1648b1cc366a8702e67926c657a1b7684183d11d289e55827fb798d8643d55d6ed4d393fb798ae7a9cc51b04fe15
-
SSDEEP
49152:KmlI9H9rY654KYroYJqkhWFUBlNwnFq3kXRsPI6BRY20YZAliDgFL2YmXZjU2P3q:XiH9MfT3NwMkKhBRr0yAk6qkKvs
Static task
static1
Behavioral task
behavioral1
Sample
2025-05-16_05a3c2b292c5e8916a60de40f2f53b0f_amadey_black-basta_coinminer_darkgate_elex_gcleaner_luca-stealer.exe
Resource
win10v2004-20250502-en
Malware Config
Targets
-
-
Target
2025-05-16_05a3c2b292c5e8916a60de40f2f53b0f_amadey_black-basta_coinminer_darkgate_elex_gcleaner_luca-stealer
-
Size
5.7MB
-
MD5
05a3c2b292c5e8916a60de40f2f53b0f
-
SHA1
77dfae9c8f8b012243ea6eae47ea9ad2c411345f
-
SHA256
23b03c6edecb4b659eaab860f1d53c250f749ba57ddd7ce0c55f22c844830a73
-
SHA512
5787e7eac1e090ca2d21069ea57fac8f005b1648b1cc366a8702e67926c657a1b7684183d11d289e55827fb798d8643d55d6ed4d393fb798ae7a9cc51b04fe15
-
SSDEEP
49152:KmlI9H9rY654KYroYJqkhWFUBlNwnFq3kXRsPI6BRY20YZAliDgFL2YmXZjU2P3q:XiH9MfT3NwMkKhBRr0yAk6qkKvs
Score9/10-
Renames multiple (256) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v16
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1