General
Target: 2025-05-18_5312d3a3e75470db6406a087c83b506a_amadey_avoslocker_black-basta_cobalt-strike_elex_luca-stealer
Size: 775KB
Sample: 250518-lxcjpsam4z
MD5: 5312d3a3e75470db6406a087c83b506a
SHA1: 4cc50cc02679ffba178ac5b3a0afe39dce6e8669
SHA256: 13cef3ff49761a39bb7b0b9685d37c7d7e6520a99a32837752498dc3990b8959
SHA512: 8a0de97a0455d4b2d53b4a9e6c5680fc7e78534c5d4b9b8b26a9b1f269f7f2fe049bf27bb48e13a2d0ac29236bfa2d011cfdf6b58299f98aa06cc143e5536406
SSDEEP: 6144:/JSavHZ2JbffcKXH3jKcLcIE1OtszSOn+qzUbAObsoFPok:/JVHZ2JbffcKXH3jFv9bnok
Static task: static1
Behavioral task: behavioral1
Sample: 2025-05-18_5312d3a3e75470db6406a087c83b506a_amadey_avoslocker_black-basta_cobalt-strike_elex_luca-stealer.exe
Resource: win10v2004-20250502-en
Malware Config
Targets
Target: 2025-05-18_5312d3a3e75470db6406a087c83b506a_amadey_avoslocker_black-basta_cobalt-strike_elex_luca-stealer
Signatures
- UAC bypass
- Renames multiple (393) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Drops startup file
- Checks whether UAC is enabled
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v16
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Event Triggered Execution (1)
  - Image File Execution Options Injection (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (2)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)