General
- Target: 2025-05-25_26e97bd537fe58997a5b53e836dd8bfc_black-basta_elex
- Size: 3.7MB
- Sample: 250525-p6bkjstscw
- MD5: 26e97bd537fe58997a5b53e836dd8bfc
- SHA1: 94ad155ccbfe52e47694cb6f90354df804d84dbf
- SHA256: 0ca92301aaeb4f9ac2406ff00d568607083154612ce66b11440889fe47b86532
- SHA512: bc5f1e0c63f43b977ef020f4c1a6d17191e1edfaec3269c7d4e0368b80e83e4c9e80b7790a42e2d7bfd9f5ae5647560a9accf48118866c599e4276c8884e446b
- SSDEEP: 98304:dAeZjOBfKvX7EedFY/G6Ym6g6N/JLUk2qs658OR3r:dxZZPIYY/G6H6g6NBLUko6uOR3r
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 2025-05-25_26e97bd537fe58997a5b53e836dd8bfc_black-basta_elex.exe
  - Resource: win10v2004-20250502-en
Behavioral task
- behavioral2
  - Sample: 2025-05-25_26e97bd537fe58997a5b53e836dd8bfc_black-basta_elex.exe
  - Resource: win11-20250502-en
Malware Config
Extracted: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
- http://www.klkjwre9fqwieluoi.info/
- http://kukutrustnet777888.info/
Targets
- Target: 2025-05-25_26e97bd537fe58997a5b53e836dd8bfc_black-basta_elex
Signatures
- Detects Mofksys worm
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies visibility of hidden/system files in Explorer
- Mofksys family
- Sality family
- UAC bypass
- Windows security bypass
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Deletes itself
- Executes dropped EXE
- Windows security modification
- Adds Run key to start application
- Checks whether UAC is enabled
- Enumerates connected drives. Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v16 (technique name followed by the number of matching signatures)
Persistence
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (9)