General

  • Target

    2025-05-29_16c29b7112193e8a6d23de87e7135a57_amadey_black-basta_elex_luca-stealer

  • Size

    9.1MB

  • Sample

    250529-ka2pmszlv9

  • MD5

    16c29b7112193e8a6d23de87e7135a57

  • SHA1

    094b65f1db3cca3489e6a633cc19a5b63152b5cc

  • SHA256

    811588a9aafa2d407b195ba8c1404f23ab5551b790b091b1c6056a34149accd0

  • SHA512

    e1ff9932d99081fbfbaebc5a74b8f3ada1700d7a129f005cda6dec4114cbc0eeb0161c8a5824b89d726f4d3c4afaf4c4a4c57b210e817ffde564640c260bf212

  • SSDEEP

    98304:8GyqWyWy0GyqWyWyMRPC1em1eHL5dGTEYm:51em1eHL5dem

Targets

    • Target

      2025-05-29_16c29b7112193e8a6d23de87e7135a57_amadey_black-basta_elex_luca-stealer

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Disables RegEdit via registry modification

    • Disables use of System Restore points

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
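Added example (not part of the sandbox output): a static pre-check of the sample file before acting on this report. It confirms that the file on disk is the one the General section describes by comparing its digests with the MD5/SHA1/SHA256 listed above, then reads the PE section table to see whether the UPX section names that the "UPX packed file" signature keys on are present. The local sample path and the parameter names are assumptions.

```powershell
# Added example, not from the sandbox report. Verifies a local copy of the sample
# against the digests listed in the report and inspects PE section names for UPX.

function Test-SampleIdentity {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Digests copied from the General section of the report.
        [hashtable]$Expected = @{
            MD5    = '16c29b7112193e8a6d23de87e7135a57'
            SHA1   = '094b65f1db3cca3489e6a633cc19a5b63152b5cc'
            SHA256 = '811588a9aafa2d407b195ba8c1404f23ab5551b790b091b1c6056a34149accd0'
        }
    )
    foreach ($alg in $Expected.Keys) {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash
        [pscustomobject]@{
            Algorithm = $alg
            Match     = ($actual -eq $Expected[$alg])   # -eq is case-insensitive
            Actual    = $actual
        }
    }
}

function Get-PeSectionNames {
    param([Parameter(Mandatory)][string]$Path)
    $b = [System.IO.File]::ReadAllBytes($Path)
    # DOS header: 'MZ' magic; e_lfanew at offset 0x3C points to the PE signature.
    if ($b.Length -lt 0x40 -or $b[0] -ne 0x4D -or $b[1] -ne 0x5A) { throw "$Path is not an MZ file" }
    $pe = [BitConverter]::ToInt32($b, 0x3C)
    if ($pe -lt 0 -or ($pe + 24) -gt $b.Length -or [BitConverter]::ToUInt32($b, $pe) -ne 0x00004550) {
        throw "$Path has no PE signature"
    }
    # COFF header follows the 4-byte signature: NumberOfSections at +2,
    # SizeOfOptionalHeader at +16; section headers (40 bytes each) follow the optional header.
    $numSections = [BitConverter]::ToUInt16($b, $pe + 4 + 2)
    $optSize     = [BitConverter]::ToUInt16($b, $pe + 4 + 16)
    $table       = $pe + 4 + 20 + $optSize
    for ($i = 0; $i -lt $numSections; $i++) {
        $off = $table + $i * 40
        if (($off + 8) -gt $b.Length) { break }
        [System.Text.Encoding]::ASCII.GetString($b, $off, 8).TrimEnd([char]0)
    }
}

# Assumed local path to the sample; adjust to where you stored it.
$sample = 'C:\samples\16c29b7112193e8a6d23de87e7135a57.exe'

Test-SampleIdentity -Path $sample | Format-Table -AutoSize

$sections = @(Get-PeSectionNames -Path $sample)
"Sections: $($sections -join ', ')"
if ($sections -match '^UPX\d$') {
    'UPX section names present; try "upx -d <file>" (a modified UPX build usually refuses to unpack)'
} else {
    'No UPX section names; a modified UPX build may have renamed them, so absence is not proof'
}
```

If any digest row shows `Match = False`, stop: the file you have is not the sample this report was generated from, and none of the behaviours listed above can be assumed for it. The section-name check is only a hint in either direction; the signature text itself says it also covers modified UPX, which commonly strips the `UPX0`/`UPX1` names.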
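Added example (not part of the sandbox output): a host-triage script for the registry-based signatures in the list above, namely WinLogon persistence, Explorer file-extension and hidden-file visibility, RegEdit and System Restore being disabled, Image File Execution Options Debugger injection, and Run-key entries. The report names signatures only, so the concrete keys and values below are an assumption: they are the standard locations those signature names correspond to, not values the report says this sample wrote.

```powershell
# Added example, not from the sandbox report. Reads the registry locations that the
# listed signatures normally refer to and flags values in the state malware leaves them in.
# Assumption: these are the conventional keys for each signature name; the report does
# not state which exact values the sample modified.

$findings = New-Object System.Collections.Generic.List[object]

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value does not exist instead of erroring.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Add-Finding([string]$Check, $Value, [bool]$Suspicious) {
    $findings.Add([pscustomobject]@{ Check = $Check; Value = $Value; Suspicious = $Suspicious })
}

# "Modifies WinLogon for persistence": Shell and Userinit are the usual targets.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell    = Get-RegValue $winlogon 'Shell'
Add-Finding 'Winlogon\Shell' $shell ($null -ne $shell -and $shell -ne 'explorer.exe')
$userinit = Get-RegValue $winlogon 'Userinit'
Add-Finding 'Winlogon\Userinit' $userinit ($null -ne $userinit -and $userinit -notmatch '^[^,]*\\userinit\.exe,?$')

# "Modifies visibility of file extensions / hidden and system files in Explorer".
# The "Hide" values are also the defaults of a fresh profile, so compare with your baseline.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$explorerHide = @(
    @{ Name = 'HideFileExt';     Hide = 1 }   # 1 = file extensions hidden
    @{ Name = 'Hidden';          Hide = 2 }   # 2 = hidden files not shown
    @{ Name = 'ShowSuperHidden'; Hide = 0 }   # 0 = protected OS files not shown
)
foreach ($v in $explorerHide) {
    $cur = Get-RegValue $advanced $v.Name
    Add-Finding "Explorer\Advanced\$($v.Name)" $cur ($null -ne $cur -and [int]$cur -eq $v.Hide)
}

# "Disables RegEdit via registry modification" / "Disables use of System Restore points".
$policyChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';      Name = 'DisableSR' }
)
foreach ($p in $policyChecks) {
    $cur = Get-RegValue $p.Path $p.Name
    # 1 disables; DisableRegistryTools = 2 additionally blocks silent mode.
    Add-Finding "$($p.Path)\$($p.Name)" $cur ($null -ne $cur -and [int]$cur -ge 1)
}

# "Event Triggered Execution: Image File Execution Options Injection": any Debugger value
# under an IFEO subkey redirects launches of that image name and is worth a look.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($key in @(Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue)) {
    $dbg = Get-RegValue $key.PSPath 'Debugger'
    if ($null -ne $dbg) { Add-Finding "IFEO\$($key.PSChildName)\Debugger" $dbg $true }
}

# "Adds Run key to start application": list every entry for review (not scored automatically).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($run in $runKeys) {
    $props = Get-ItemProperty -LiteralPath $run -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # provider metadata, not a Run entry
        Add-Finding "$run\$($prop.Name)" $prop.Value $false
    }
}

$findings | Sort-Object Suspicious -Descending | Format-Table Check, Suspicious, Value -AutoSize
```

Run it in the user context that executed the sample: the Explorer, Policies\System and Run checks under HKCU read the current user's hive, so for another account load that user's NTUSER.DAT or run the script as that user. Reading HKLM does not need elevation. A hit on the Explorer values alone is weak evidence because those are also the out-of-box defaults; the WinLogon, DisableRegistryTools, DisableSR and IFEO Debugger hits are the ones that should not appear on a healthy host.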

MITRE ATT&CK Enterprise v16