Analysis Overview
SHA256
eb4503d4d1eada35dc8228d3a470ac6306fe54a082582deb2999fc2cd6dccc84
Threat Level: Shows suspicious behavior
The file 2025-07-02_e5de00d231fc11f0014cff8f8eb873a9_amadey_black-basta_darkgate_elex_luca-stealer was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks whether UAC is enabled
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-07-02 18:52
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-02 18:52
Reported
2025-07-02 18:55
Platform
win10v2004-20250619-en
Max time kernel
103s
Max time network
141s
Command Line
Signatures
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2025-07-02_e5de00d231fc11f0014cff8f8eb873a9_amadey_black-basta_darkgate_elex_luca-stealer.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-02_e5de00d231fc11f0014cff8f8eb873a9_amadey_black-basta_darkgate_elex_luca-stealer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-02_e5de00d231fc11f0014cff8f8eb873a9_amadey_black-basta_darkgate_elex_luca-stealer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2025-07-02_e5de00d231fc11f0014cff8f8eb873a9_amadey_black-basta_darkgate_elex_luca-stealer.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-02_e5de00d231fc11f0014cff8f8eb873a9_amadey_black-basta_darkgate_elex_luca-stealer.exe"
C:\Users\Admin\AppData\Local\Temp\2025-07-02_e5de00d231fc11f0014cff8f8eb873a9_amadey_black-basta_darkgate_elex_luca-stealer.exe
C:\Users\Admin\AppData\Local\Temp\2025-07-02_e5de00d231fc11f0014cff8f8eb873a9_amadey_black-basta_darkgate_elex_luca-stealer.exe --crash-handler --database=C:\Users\Admin\AppData\Local\Google\GoogleUpdater\138.0.7194.0\Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7194.0 --attachment=C:\Users\Admin\AppData\Local\Google\GoogleUpdater\updater.log --initial-client-data=0x284,0x288,0x28c,0x280,0x25c,0x9229c0,0x9229cc,0x9229d8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| GB | 142.250.179.227:80 | c.pki.goog | tcp |
Files
memory/1080-0-0x0000000000400000-0x0000000000A79000-memory.dmp
C:\Users\Admin\AppData\Local\Google\GoogleUpdater\updater.log
| MD5 | d2f5a806fa4aef861ee9db76de759f59 |
| SHA1 | dd5bb5fe88592f2d5e2b9bc1309af58f82baf653 |
| SHA256 | c9675cdf2da03c70d1f5ee99d4d0b90bc42243a4c324e2ce400a6615ca857f91 |
| SHA512 | 3ecdaccbf100bcf3d4b31c6390ae51af80563c3f92c9adfae95324f43c80e008a6e1689d27ead001df1c5079f44c5ccca35646cbfd534a5281a3c9804492dc2c |
memory/4580-2-0x0000000000400000-0x0000000000A79000-memory.dmp
memory/1080-3-0x0000000000400000-0x0000000000A79000-memory.dmp
memory/4580-6-0x0000000000400000-0x0000000000A79000-memory.dmp