General

  • Target

    2025-07-02_e9ce0ed2aa4fb19728a88b1f493779bf_agent-tesla_amadey_black-basta_cobalt-strike_darkgate_elex_luca-stealer

  • Size

    938KB

  • Sample

    250702-xkwbts1js6

  • MD5

    e9ce0ed2aa4fb19728a88b1f493779bf

  • SHA1

    7d987c08af24c4ed15b0965070c97b3814262f77

  • SHA256

    f78350a46008d3d38bccfa97388fa65edf72f7b937783fe0e9aeafb2cd37629b

  • SHA512

    1cacea962e184a818a665fb141c31931cd06003bf599325f1bd0646a64b817296cdc5a48545a5ae813353b7e2331662636afe8264d2a3a1049fe4cf6fc8c3e4b

  • SSDEEP

    24576:9qDEvCTbMWu7rQYlBQcBiT6rprG8aJic:9TvC/MTQYxsWR7aJi

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://185.156.72.2/testmine/random.exe

Targets

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v16