General
Target: 2025-05-25_38dd26b32a79e2bf5a1284ab7b63e316_black-basta_darkgate_elex_hijackloader_luca-stealer
Size: 381KB
Sample: 250525-p2e26syqx4
MD5: 38dd26b32a79e2bf5a1284ab7b63e316
SHA1: e2fffe3cc8ed46813773476baf5ecf4779346116
SHA256: 15272b209e4b8677fc20e1b00f8b99031256c2ea7d6c015456c17e7ba878170d
SHA512: 31b219894b994a778f20e800b8152d5451d11cf44ca4908a5d61d65e6ca0d10495bbe23f899f9d55f5220fd7542c475ac70ecdee5e7e1b3eb3175ad342138c2a
SSDEEP: 6144:zvEN2U+T6i5LirrllHy4HUcMQY6Fb0jMHQtPcxq29JFa/au8RP+kfXhXx:zENN+T5xYrllrU7QY6l0jMwt0q2HFa/e
Behavioral task: behavioral1
Sample: 2025-05-25_38dd26b32a79e2bf5a1284ab7b63e316_black-basta_darkgate_elex_hijackloader_luca-stealer.exe
Resource: win10v2004-20250502-en

Behavioral task: behavioral2
Sample: 2025-05-25_38dd26b32a79e2bf5a1284ab7b63e316_black-basta_darkgate_elex_hijackloader_luca-stealer.exe
Resource: win11-20250502-en
Malware Config

Targets
Target: 2025-05-25_38dd26b32a79e2bf5a1284ab7b63e316_black-basta_darkgate_elex_hijackloader_luca-stealer
Size: 381KB
MD5: 38dd26b32a79e2bf5a1284ab7b63e316
SHA1: e2fffe3cc8ed46813773476baf5ecf4779346116
SHA256: 15272b209e4b8677fc20e1b00f8b99031256c2ea7d6c015456c17e7ba878170d
SHA512: 31b219894b994a778f20e800b8152d5451d11cf44ca4908a5d61d65e6ca0d10495bbe23f899f9d55f5220fd7542c475ac70ecdee5e7e1b3eb3175ad342138c2a
SSDEEP: 6144:zvEN2U+T6i5LirrllHy4HUcMQY6Fb0jMHQtPcxq29JFa/au8RP+kfXhXx:zENN+T5xYrllrU7QY6l0jMwt0q2HFa/e
- Detects Mofksys worm
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Mofksys family
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate installed software.
- Checks whether UAC is enabled
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
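The signatures above name four registry-based persistence and evasion mechanisms (Active Setup, Run keys, Winlogon helpers, Explorer hidden-file settings) plus two reconnaissance reads (UAC state, locale). The following PowerShell triage script is an added example written for this page; it is not part of the sandbox report and not code from the sample. It walks those registry locations on the detonation VM snapshot or a suspect host and flags departures from defaults. The default values assumed for Shell, Userinit and SHOWALL\CheckedValue, the trusted-path and user-writable-path regexes, and the function name Invoke-PersistenceTriage are assumptions for a stock Windows 10/11 image.

```powershell
# Added triage helper (example code, not from the report or the sample).
# Run elevated. Assumptions: Windows 10/11 defaults for Shell, Userinit and
# SHOWALL\CheckedValue; the path regexes below are heuristics, not ground truth.
function Invoke-PersistenceTriage {
    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding($Area, $Key, $Name, $Value, $Why) {
        $findings.Add([pscustomobject]@{ Area = $Area; Key = $Key; Name = $Name; Value = $Value; Why = $Why })
    }
    $userWritable = '(?i)\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\'
    $trusted      = '(?i)^"?(%SystemRoot%|C:\\Windows\\|C:\\Program Files( \(x86\))?\\)'

    # T1547.014 Active Setup: every Installed Components subkey with a StubPath
    # runs once per user at logon. Assumption: legitimate stubs start under
    # the Windows or Program Files trees.
    foreach ($root in 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
                      'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components') {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $stub = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).StubPath
            if (-not $stub) { return }
            if ($stub -match $userWritable) {
                Add-Finding 'Active Setup' $_.Name 'StubPath' $stub 'StubPath in a user-writable directory'
            } elseif ($stub -notmatch $trusted) {
                Add-Finding 'Active Setup' $_.Name 'StubPath' $stub 'StubPath outside Windows/Program Files (review)'
            }
        }
    }

    # T1547.001 Run keys: flag entries launched from user-writable locations.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                     'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath provider metadata
            if ($p.Value -match $userWritable) {
                Add-Finding 'Run key' $key $p.Name $p.Value 'Autostart from a user-writable directory'
            }
        }
    }

    # T1547.004 Winlogon helper: Shell and Userinit are the usual targets.
    # Defaults assumed: Shell = explorer.exe, Userinit = C:\Windows\system32\userinit.exe,
    $wlKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $wl = Get-ItemProperty -Path $wlKey
    if ($wl.Shell -ne 'explorer.exe') {
        Add-Finding 'Winlogon' $wlKey 'Shell' $wl.Shell 'Non-default Shell'
    }
    if ($wl.Userinit -notmatch '^C:\\Windows\\system32\\userinit\.exe,?$') {
        Add-Finding 'Winlogon' $wlKey 'Userinit' $wl.Userinit 'Extra or non-default Userinit entry'
    }
    # A per-user Shell override is never set on a stock image; its mere presence is worth a look.
    $userShell = (Get-ItemProperty 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue).Shell
    if ($userShell) {
        Add-Finding 'Winlogon' 'HKCU ...\Winlogon' 'Shell' $userShell 'Per-user Shell override present'
    }

    # T1564.001 Hidden Files and Directories: Hidden=2 / ShowSuperHidden=0 keep dropped
    # files out of Explorer, but those are also the defaults, so they are reported, not
    # flagged. SHOWALL\CheckedValue defaults to 1; 0 makes the "show hidden files"
    # option ineffective, which is a deliberate change and is flagged.
    $adv = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -ErrorAction SilentlyContinue
    Add-Finding 'Explorer' 'HKCU ...\Explorer\Advanced' 'Hidden/ShowSuperHidden' "$($adv.Hidden)/$($adv.ShowSuperHidden)" 'Current view settings (informational)'
    $showAll = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL' -ErrorAction SilentlyContinue
    if ($showAll -and $showAll.CheckedValue -ne 1) {
        Add-Finding 'Explorer' 'HKLM ...\Folder\Hidden\SHOWALL' 'CheckedValue' $showAll.CheckedValue 'Show-hidden-files option neutered'
    }

    # Values the sample reads: UAC state and the configured country code.
    $lua = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System').EnableLUA
    Add-Finding 'UAC' 'HKLM ...\Policies\System' 'EnableLUA' $lua 'UAC state the sample checks (informational)'
    $geo = (Get-ItemProperty 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue).Nation
    Add-Finding 'Locale' 'HKCU:\Control Panel\International\Geo' 'Nation' $geo 'Country code the sample reads (informational)'

    return $findings
}

Invoke-PersistenceTriage | Format-Table -AutoSize -Wrap
```

Compare the output against a clean snapshot of the same image rather than reading it in isolation: the Explorer and UAC rows are informational by design, and a vendor stub under Program Files that trips the "review" rule is expected noise, whereas a StubPath or Run value under AppData or Temp on a fresh detonation VM is almost certainly the dropped payload.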
-
MITRE ATT&CK Enterprise v16 (number in parentheses is the signature hit count)

Persistence
- Boot or Logon Autostart Execution, T1547 (3)
  - Active Setup, T1547.014 (1)
  - Registry Run Keys / Startup Folder, T1547.001 (1)
  - Winlogon Helper DLL, T1547.004 (1)

Privilege Escalation
- Access Token Manipulation, T1134 (1)
  - Create Process with Token, T1134.002 (1)
- Boot or Logon Autostart Execution, T1547 (3)
  - Active Setup, T1547.014 (1)
  - Registry Run Keys / Startup Folder, T1547.001 (1)
  - Winlogon Helper DLL, T1547.004 (1)

Defense Evasion
- Access Token Manipulation, T1134 (1)
  - Create Process with Token, T1134.002 (1)
- Hide Artifacts, T1564 (1)
  - Hidden Files and Directories, T1564.001 (1)
- Modify Registry, T1112 (7)
- Subvert Trust Controls, T1553 (1)
  - Install Root Certificate, T1553.004 (1)