General
-
Target
2025-06-04_48a8d3b5108c3c465e0786a04be43756_amadey_black-basta_darkgate_elex_luca-stealer_remcos
-
Size
11.0MB
-
Sample
250604-z2w1sswkv3
-
MD5
48a8d3b5108c3c465e0786a04be43756
-
SHA1
b0c4a38219c822931de9f9704449b885a32037da
-
SHA256
1bf4b5138ff287f718121ad8250676246119f7462b5a3f43ca4f1f2df122106a
-
SHA512
5c593164eaf4c6e13434020520ccd5e79477a85f6102eb77d1ad5bcce83a744c86d15a64bdf5f180db550fa0b43c1ead6cdbd389eaa421e67bbac3b5035bb2f1
-
SSDEEP
98304:dr99u4kc8Hao8eRjYBU4UAir2Y5rUnoSTyOkpc3NEj0oyISaL7k5gU9JwjZcIjzh:P9upko8Rr6r0Ic3Loy0oWYRSXMKU007o
Static task
static1
Behavioral task
behavioral1
Sample
2025-06-04_48a8d3b5108c3c465e0786a04be43756_amadey_black-basta_darkgate_elex_luca-stealer_remcos.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
2025-06-04_48a8d3b5108c3c465e0786a04be43756_amadey_black-basta_darkgate_elex_luca-stealer_remcos.exe
Resource
win11-20250502-en
Malware Config
Targets
-
-
Target
2025-06-04_48a8d3b5108c3c465e0786a04be43756_amadey_black-basta_darkgate_elex_luca-stealer_remcos
-
Size
11.0MB
-
MD5
48a8d3b5108c3c465e0786a04be43756
-
SHA1
b0c4a38219c822931de9f9704449b885a32037da
-
SHA256
1bf4b5138ff287f718121ad8250676246119f7462b5a3f43ca4f1f2df122106a
-
SHA512
5c593164eaf4c6e13434020520ccd5e79477a85f6102eb77d1ad5bcce83a744c86d15a64bdf5f180db550fa0b43c1ead6cdbd389eaa421e67bbac3b5035bb2f1
-
SSDEEP
98304:dr99u4kc8Hao8eRjYBU4UAir2Y5rUnoSTyOkpc3NEj0oyISaL7k5gU9JwjZcIjzh:P9upko8Rr6r0Ic3Loy0oWYRSXMKU007o
Score10/10-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Netsupport family
-
Blocklisted process makes network request
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-