General

  • Target

    2025-05-25_38dd26b32a79e2bf5a1284ab7b63e316_black-basta_darkgate_elex_hijackloader_luca-stealer

  • Size

    381KB

  • Sample

    250525-p2e26syqx4

  • MD5

    38dd26b32a79e2bf5a1284ab7b63e316

  • SHA1

    e2fffe3cc8ed46813773476baf5ecf4779346116

  • SHA256

    15272b209e4b8677fc20e1b00f8b99031256c2ea7d6c015456c17e7ba878170d

  • SHA512

    31b219894b994a778f20e800b8152d5451d11cf44ca4908a5d61d65e6ca0d10495bbe23f899f9d55f5220fd7542c475ac70ecdee5e7e1b3eb3175ad342138c2a

  • SSDEEP

    6144:zvEN2U+T6i5LirrllHy4HUcMQY6Fb0jMHQtPcxq29JFa/au8RP+kfXhXx:zENN+T5xYrllrU7QY6l0jMwt0q2HFa/e

Malware Config

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in VisualBasic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Network Share Discovery

      Attempt to gather information on host network.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v16

Tasks