General

  • Target

    2025-05-25_814908b8001a0783d11d015f474daa34_amadey_black-basta_elex_luca-stealer

  • Size

    1.6MB

  • Sample

    250525-rnwtwasjw4

  • MD5

    814908b8001a0783d11d015f474daa34

  • SHA1

    ec2dd5d83d429a06faca8d33093944f3f8ca1603

  • SHA256

    feb922b2f837e786ed8f3ac2f52f3d13860cfa9864e20222104c7e7e2c6c0151

  • SHA512

    69ff2bb8d7d816efada0906d51805b0b1d97f2de0a98c6d04c6ca0ec8dcf2eb41cd3cbf6d8d9d9f24967f0b28772fae883319f12a0d1e73ecab00936aadc0b51

  • SSDEEP

    24576:Z5xolYQY6uQfYBjWBKdHy+vgUX11rLAZDjNYE1EraFQcsC0/3v0tRh7Z3/IN:cYvjseHTFXrLU/y0QHgZ3s

Malware Config

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in VisualBasic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v16

Tasks