General

  • Target

    2025-05-19_bc612d4a24deecbccb8d6a3b10adf0ea_amadey_black-basta_elex_hijackloader_luca-stealer

  • Size

    9.5MB

  • Sample

    250519-vw4q8scj4s

  • MD5

    bc612d4a24deecbccb8d6a3b10adf0ea

  • SHA1

    7b0b24a4e0192b820bf44d5bb2a8c4bcdae49507

  • SHA256

    3bf4f8593ffba659adbf7a76fd38d4a67f74966c9296e355d78991ea80e47025

  • SHA512

    119fb7d268fdda77d77342099acb720f8598c79332b33062c9ba2420148cfc9776caea6787431b017813efdc6282396a51cf92d622b3b5c2c958538b1803ea10

  • SSDEEP

    98304:CyyqWyWy0GyqWyWyMRPC1eHL5dGYSEYv3:11eHL5dEv3

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Disables RegEdit via registry modification

    • Disables use of System Restore points

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v16

Tasks