General

  • Target

    2025-07-03_8aa8c52432ca4282caf3234969372746_amadey_black-basta_darkgate_elex_luca-stealer_swisyn

  • Size

    20.9MB

  • Sample

    250703-gkmrpafl6x

  • MD5

    8aa8c52432ca4282caf3234969372746

  • SHA1

    2c9f3c1c72a077c6756b250ec8f916de462b828e

  • SHA256

    85710612ff0373b29d4de9e0f38c8bc43b93008cbc3db4b73c3c7b7e40188d20

  • SHA512

    576bf42f61c215c18cb4f3c0bc4e3d2834a60936d7c08bd25d8e7692a16a7e942969b6f93580458371e4a7beab0624b7ea9a6a3f1c26611e5e54efc390ef8e14

  • SSDEEP

    393216:TU5RvYB6GOGkAj3Xb2gEq5xWeZYz9YmgvDxvW1m1ck1UYLFOim:QrGdOGjj3XiLixb6z+mgvdvfeYL0t

Malware Config

Targets

    • Target

      2025-07-03_8aa8c52432ca4282caf3234969372746_amadey_black-basta_darkgate_elex_luca-stealer_swisyn

    • Size

      20.9MB

    • MD5

      8aa8c52432ca4282caf3234969372746

    • SHA1

      2c9f3c1c72a077c6756b250ec8f916de462b828e

    • SHA256

      85710612ff0373b29d4de9e0f38c8bc43b93008cbc3db4b73c3c7b7e40188d20

    • SHA512

      576bf42f61c215c18cb4f3c0bc4e3d2834a60936d7c08bd25d8e7692a16a7e942969b6f93580458371e4a7beab0624b7ea9a6a3f1c26611e5e54efc390ef8e14

    • SSDEEP

      393216:TU5RvYB6GOGkAj3Xb2gEq5xWeZYz9YmgvDxvW1m1ck1UYLFOim:QrGdOGjj3XiLixb6z+mgvdvfeYL0t

    • Modifies security service

    • Modifies visibility of hidden/system files in Explorer

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks