General

  • Target

    2025-05-18_5312d3a3e75470db6406a087c83b506a_amadey_avoslocker_black-basta_cobalt-strike_elex_luca-stealer

  • Size

    775KB

  • Sample

    250518-lxcjpsam4z

  • MD5

    5312d3a3e75470db6406a087c83b506a

  • SHA1

    4cc50cc02679ffba178ac5b3a0afe39dce6e8669

  • SHA256

    13cef3ff49761a39bb7b0b9685d37c7d7e6520a99a32837752498dc3990b8959

  • SHA512

    8a0de97a0455d4b2d53b4a9e6c5680fc7e78534c5d4b9b8b26a9b1f269f7f2fe049bf27bb48e13a2d0ac29236bfa2d011cfdf6b58299f98aa06cc143e5536406

  • SSDEEP

    6144:/JSavHZ2JbffcKXH3jKcLcIE1OtszSOn+qzUbAObsoFPok:/JVHZ2JbffcKXH3jFv9bnok

Malware Config

Targets

    • Renames multiple (393) files with an added filename extension

      This suggests ransomware activity: file encryption across the system.

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Event Triggered Execution: Image File Execution Options Injection

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v16

Tasks