General
Target: 2025-07-01_bd633979c9308f4d2facb6b7960b9be8_agent-tesla_amadey_black-basta_darkgate_elex_luca-stealer
Size: 25.6MB
Sample: 250701-j6vqjassgt
MD5: bd633979c9308f4d2facb6b7960b9be8
SHA1: b89d1a67eb0fecb754a4e30c9068067713317122
SHA256: 7498ae63d8632ff0262eeefe72e432c45a8a579a0bf4db25f6427baf678d138e
SHA512: 277741872227d4299d34e23f0296c7680d9200a9c00e5aae0084afabcbd697cee1cfe948708d4b3a6764ec68f940c66e344effe3e8d40c4e8fa122dfa5d935d5
SSDEEP: 786432:dXwh5ZPo5Rvjewynipa2IopRJQ9QVlv+txKI:GRPZwyni1gPV
Static task: static1
Behavioral task: behavioral1
  Sample: 2025-07-01_bd633979c9308f4d2facb6b7960b9be8_agent-tesla_amadey_black-basta_darkgate_elex_luca-stealer.exe
  Resource: win10v2004-20250610-en
Behavioral task: behavioral2
  Sample: 2025-07-01_bd633979c9308f4d2facb6b7960b9be8_agent-tesla_amadey_black-basta_darkgate_elex_luca-stealer.exe
  Resource: win11-20250619-en
Malware Config
Targets
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v16 (technique: number of matching signatures)
Persistence
  Browser Extensions: 1
  Event Triggered Execution: 2
    Change Default File Association: 1
    Component Object Model Hijacking: 1
Privilege Escalation
  Event Triggered Execution: 2
    Change Default File Association: 1
    Component Object Model Hijacking: 1
Defense Evasion
  Modify Registry: 3
  Subvert Trust Controls: 1
    Install Root Certificate: 1
Credential Access
  Credentials from Password Stores: 1
    Credentials from Web Browsers: 1
  Unsecured Credentials: 1
    Credentials In Files: 1