General

  • Target

    2025-06-04_48a8d3b5108c3c465e0786a04be43756_amadey_black-basta_darkgate_elex_luca-stealer_remcos

  • Size

    11.0MB

  • Sample

    250604-z2w1sswkv3

  • MD5

    48a8d3b5108c3c465e0786a04be43756

  • SHA1

    b0c4a38219c822931de9f9704449b885a32037da

  • SHA256

    1bf4b5138ff287f718121ad8250676246119f7462b5a3f43ca4f1f2df122106a

  • SHA512

    5c593164eaf4c6e13434020520ccd5e79477a85f6102eb77d1ad5bcce83a744c86d15a64bdf5f180db550fa0b43c1ead6cdbd389eaa421e67bbac3b5035bb2f1

  • SSDEEP

    98304:dr99u4kc8Hao8eRjYBU4UAir2Y5rUnoSTyOkpc3NEj0oyISaL7k5gU9JwjZcIjzh:P9upko8Rr6r0Ic3Loy0oWYRSXMKU007o

Targets

    • Target

      2025-06-04_48a8d3b5108c3c465e0786a04be43756_amadey_black-basta_darkgate_elex_luca-stealer_remcos

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Netsupport family

    • Blocklisted process makes network request

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
