General

  • Target

    2025-05-29_4941ed3a1e7c51838ade0d3e760b733c_amadey_black-basta_elex_luca-stealer

  • Size

    9.1MB

  • Sample

    250529-qtb6zsslz4

  • MD5

    4941ed3a1e7c51838ade0d3e760b733c

  • SHA1

    d6b2e0743175c879cdc9256903aa7ed4343a51bc

  • SHA256

    d532d706127e240565ce4d433c3e52e175c6bd68f0d1ea1cdc82f0698057fce2

  • SHA512

    35dd633a47e19639b65a85d210a4e205a038e922144e977159ea5b7510d90c40d15fa4ccf580fb2a24eb306361c8310db5082c89292b19f54f04914331d9ae03

  • SSDEEP

    98304:CGyqWyWy0GyqWyWyMRPC1em1eHL5dGTEYm:31em1eHL5dem

Targets

    • Target

      2025-05-29_4941ed3a1e7c51838ade0d3e760b733c_amadey_black-basta_elex_luca-stealer

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Disables RegEdit via registry modification

    • Disables use of System Restore points

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
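
Added triage script for this report (not sandbox output and not code from the sample): it audits the registry and filesystem locations that the signatures above describe, so a responder can check a suspect host for the same changes. The registry paths are the standard Windows ones; the seven-day window for driver writes and the "user-writable path" pattern are assumptions chosen for illustration. Run it in an elevated PowerShell session. Every hit is a lead for review, not proof of infection: hidden file extensions are also the Windows default, and a legitimate IFEO Debugger entry can exist on clean systems.

```powershell
# Added example, not part of the sandbox report. Audits the host for the
# persistence and defense-evasion changes listed in the signatures above.
$findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding([string]$Path, [string]$Name, $Value, [string]$Note) {
    $findings.Add([pscustomobject]@{ Path = $Path; Name = $Name; Value = $Value; Note = $Note })
}

# Returns a registry value, or $null if the key or value does not exist.
function Get-RegValue([string]$Path, [string]$Name) {
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

# Assumed heuristic: locations a dropper typically writes into (-match is case-insensitive).
$userWritable = '\\(Users\\[^\\]+\\AppData|Windows\\Temp|ProgramData|Users\\Public)\\'

# 1. Winlogon persistence: Shell and Userinit should name only the Windows binaries.
$wl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = Get-RegValue $wl 'Shell'
if ($shell -and $shell -ne 'explorer.exe') { Add-Finding $wl 'Shell' $shell 'Winlogon Shell changed' }
$userinit = Get-RegValue $wl 'Userinit'
if ($userinit -and $userinit -notmatch '^[^,]*\\userinit\.exe,?$') {
    Add-Finding $wl 'Userinit' $userinit 'Winlogon Userinit changed (extra entry appended)'
}

# 2. Explorer view settings the sample changes. HideFileExt=1 and Hidden=2 are
#    also the Windows defaults, so compare with your gold image rather than
#    treating them as proof on their own.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
foreach ($n in 'HideFileExt', 'Hidden', 'ShowSuperHidden') {
    $v = Get-RegValue $adv $n
    if ($null -ne $v) { Add-Finding $adv $n $v 'Explorer view setting (compare with baseline)' }
}

# 3. RegEdit disabled (1 or 2) and System Restore disabled via policy keys.
foreach ($hive in 'HKCU', 'HKLM') {
    $pol = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    $drt = [int](Get-RegValue $pol 'DisableRegistryTools')   # $null casts to 0
    if ($drt -ge 1) { Add-Finding $pol 'DisableRegistryTools' $drt 'Registry editor disabled' }
}
$sr = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
foreach ($n in 'DisableSR', 'DisableConfig') {
    if ([int](Get-RegValue $sr $n) -eq 1) { Add-Finding $sr $n 1 'System Restore disabled by policy' }
}

# 4. UAC: EnableLUA=0 means elevation prompts are off entirely.
$uac = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$lua = Get-RegValue $uac 'EnableLUA'
if ($null -ne $lua -and [int]$lua -eq 0) { Add-Finding $uac 'EnableLUA' 0 'UAC disabled' }

# 5. IFEO injection: a Debugger value redirects every launch of that executable.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = Get-RegValue $_.PSPath 'Debugger'
    if ($dbg) { Add-Finding $_.PSPath 'Debugger' $dbg "IFEO Debugger set for $($_.PSChildName)" }
}

# 6. Run keys whose command points into a user-writable location.
foreach ($run in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match $userWritable } |
            ForEach-Object { Add-Finding $run $_.Name $_.Value 'Run entry in user-writable path' }
    }
}

# 7. Wallpaper pointed at a dropped file (ransom notes commonly do this).
$wp = Get-RegValue 'HKCU:\Control Panel\Desktop' 'Wallpaper'
if ($wp -and $wp -match $userWritable) {
    Add-Finding 'HKCU:\Control Panel\Desktop' 'Wallpaper' $wp 'Wallpaper set from a dropped file'
}

# 8. autorun.inf on any volume root, and recent writes to the drivers directory
#    (assumed 7-day window; adjust to the suspected time of compromise).
Get-PSDrive -PSProvider FileSystem | ForEach-Object {
    $ar = Join-Path $_.Root 'autorun.inf'
    if (Test-Path -LiteralPath $ar) { Add-Finding $ar '' '' 'autorun.inf present on volume root' }
}
Get-ChildItem -Path "$env:SystemRoot\System32\drivers" -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-7) } |
    ForEach-Object { Add-Finding $_.FullName '' $_.LastWriteTime 'Driver file written in the last 7 days' }

$findings | Format-Table -AutoSize -Wrap
```

The Explorer view values are reported unconditionally because the sample's settings coincide with the defaults; they only become meaningful next to a Winlogon, IFEO or policy hit on the same host. For offline disks, load the SOFTWARE and NTUSER.DAT hives with `reg load` and substitute the mounted paths.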
