Analysis

  • max time kernel
    104s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250619-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20250619-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/07/2025, 05:54

General

  • Target

    2025-07-03_9637b08a5424280dc9f31f3adba797c5_amadey_black-basta_elex_luca-stealer.exe

  • Size

    13.2MB

  • MD5

    9637b08a5424280dc9f31f3adba797c5

  • SHA1

    4bc89d09f2eb8a00cef09aa7b0be2837dbfd27ef

  • SHA256

    143f4628abbfbf5f79a51d7a9a3e368c20a88204217111d297d96de0a8c7d48a

  • SHA512

    7269eb02adc53cdbfffeedd9438c307833787d88588291d3234fb438c38dc52e3b64f66cb40bbbb00962743e85d8397a557e88cfb5da8e38fac598e5a10826bf

  • SSDEEP

    393216:AAs6bZtQp9W2FHdTYjbt9NrGV4uraZ5u:ZsEx2FHleIV/m

Score
7/10

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 21 IoCs

    Detects files using ACProtect software.

  • Loads dropped DLL 6 IoCs
  • UPX packed file 34 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-07-03_9637b08a5424280dc9f31f3adba797c5_amadey_black-basta_elex_luca-stealer.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-07-03_9637b08a5424280dc9f31f3adba797c5_amadey_black-basta_elex_luca-stealer.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4980
    • C:\Users\Admin\AppData\Local\Temp\2025-07-03_9637b08a5424280dc9f31f3adba797c5_amadey_black-basta_elex_luca-stealer.exe
      "C:\Users\Admin\AppData\Local\Temp\2025-07-03_9637b08a5424280dc9f31f3adba797c5_amadey_black-basta_elex_luca-stealer.exe"
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:3388

Network

MITRE ATT&CK Enterprise v16

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\VCRUNTIME140.dll
    Filesize: 88KB
    MD5: 81b11024a8ed0c9adfd5fbf6916b133c
    SHA1: c87f446d9655ba2f6fddd33014c75dc783941c33
    SHA256: eb6a3a491efcc911f9dff457d42fed85c4c170139414470ea951b0dafe352829
    SHA512: e4b1c694cb028fa960d750fa6a202bc3a477673b097b2a9e0991219b9891b5f879aa13aa741f73acd41eb23feee58e3dd6032821a23e9090ecd9cc2c3ec826a1

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\_asyncio.pyd
    Filesize: 33KB
    MD5: efb7430ea7dd5861a481d6661fa4eda8
    SHA1: 23efa0d393dc609a1a1ab24ad2eae7b669f2eb17
    SHA256: b98cfafced2a4eb0504cf17bef3607a038620890e18991a3e57f6e50b2c5628c
    SHA512: ee989e797d2003fc1de86f1b2433a2441a96a0c021f7d3ecb4a8c190bdb79b7dcf33df2ba15ec6ef5dd241ad0476c70b0a79cd6c0648543a0936fd0df5c729f5

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\_bz2.pyd
    Filesize: 44KB
    MD5: 682d2cdf7d684609be265a3c3429730c
    SHA1: ff31a10f2873da4a09e3c700537670120ef38f31
    SHA256: d7308202479b4f273b20641ac80957d008514437e9707023136ea7dc0739be1b
    SHA512: 5f2adbad6c983de02475b9b1c31b71504c3cea96ee5ecf66d4ec9f5b5a327bc77b68e39bee536076bed99287732be5330a4e407b59f3fc815cf64297905a0aa5

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\_ctypes.pyd
    Filesize: 52KB
    MD5: 25b77cb263e80195f2991e006c13bada
    SHA1: 4ca5ac30cc3bf0176deecf39ead5e6f1a1bfbdad
    SHA256: d856841807442b8862a9452f3e3578f27eaf9264fe90ad44a4cd05f70911fbc3
    SHA512: d0f0d26fc88ffb28c451686163b46274397f9183f6066609ea3c431904e3631c43d46fc7e97747118cf0a20560c07f3860f15849d87871e000c425e18338bb8c

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\_decimal.pyd
    Filesize: 79KB
    MD5: d0d7e9d008812c35f64a64e6c0be2c6f
    SHA1: 9fa9e7fb84d1f574f727cdbf4c69b6515f763071
    SHA256: f8faa09865173e3afb9649182904acb3fb4c505ba218bdd19859a55992a8f96d
    SHA512: 98f5acb988fae2dbf4af85c61fc45f48935f7ecdb3889c70737298cd2dcfcb18d1170ffdd3fc5fd8644cbac9fb184395fccdf96b5ddd34bed930effe2cd41d9b

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\_elementtree.pyd
    Filesize: 51KB
    MD5: ac8ef2b1db356d4d238ec4911179fbfb
    SHA1: 8c19ced7f1d8964bedbcf424a9f3f998cddbd19e
    SHA256: 110fbee671a0fc3523d7344cd9ba93670755109166ed73be99fe1ec65d38d03f
    SHA512: 9c097c2ea15b0456adce2f9d865239f46dc4767b583e3585c66e06cae283135def7d049e57a5bda130d005801bc201677b8e6847ad5395ccc74fc4abf26164a7

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\_hashlib.pyd
    Filesize: 30KB
    MD5: abfe44322550dd1081ea807f96f2e569
    SHA1: c85f665ec2de2b13e964bce53a015a241526db79
    SHA256: 656405f876611e82d632d1d56914abb029e245ad7fc5aadd7f55c7bfd8f20ebf
    SHA512: ac96ad1989033dd47a44451921c8e4275d846251ab308abd89c4073dc80b5571e49c2b9cdfa7d87838d85f79d0a58b185cfd7ff4d6f47d51e8ae7efbd21df2d2

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\_lzma.pyd
    Filesize: 79KB
    MD5: e8af1753cc55621ed45f8874fd52b0da
    SHA1: 859de5347ac4015cd1d1c795655abe7032a5926f
    SHA256: 0ed431d15938476a0f0bbdf41862111c2763f029eb2d8cebe179e05060cd8a56
    SHA512: 66ab11b8f8ed52794a27b55bc61298ffd3fa0d1384e3ce83d0d63e20076e002963d5355f36808f59e73789dde7bde6abe4184a0104f57b2ff7fb39bbb39f3041

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\_multiprocessing.pyd
    Filesize: 25KB
    MD5: 4169241748995d228cb153fc03814583
    SHA1: 40aed515e55438d84ce2a7f0fc9931c2a9c4bc70
    SHA256: 7c67cbf2084f79e2ce70aa3bb7583352aa8957e7a8819277f0f91d5d2287e04c
    SHA512: 431e7a3b1c6c1798032335947c6f910f635738e288b3107da73907ebedb01c69ccd094f1e80397450892fff8f0e4fad173fb92775985cbed05bc97162b379594

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\_overlapped.pyd
    Filesize: 29KB
    MD5: 5718246ebcd8c118c464c8a60db1ef82
    SHA1: 1ec06c47eeaba7da2ec38003997c3e071bb14412
    SHA256: 8680d9f587b54bbd87a979276652198bad0bc1a7b88ed273efbe154cd5fbca1e
    SHA512: d6aade067cba3eb5fa1040c2284c932518d3d50586907e8dfb29dd061c615200c46fac189c99596595349bfc64c3d6860f8cf13bf0694eb938ff3eec64461681

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\_queue.pyd
    Filesize: 24KB
    MD5: 05662a140852b5430e1bb7af0e700146
    SHA1: ab0343f46cc284a9a3e8a3c7eaa950474b321deb
    SHA256: 9a9514c9ae139a91f963a88b3e967291335fdee22849d6e9cad422dbec14a868
    SHA512: 7b23300cf739b97e52fcc9b4556aba3001786fb57a4e1d3667c933639d2f3db2a2dfa84eea5efb54b9390c86cbe479df0e7a3668f9083611d015d848e75aaea0

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\_socket.pyd
    Filesize: 38KB
    MD5: 64f5ec7cfee45326c0d92c7ce1a5fd39
    SHA1: dafb0c8339a02d04f232055515ac45b3ee3b27a2
    SHA256: 816ce00c9e8cd196450686519263e9529e74f224fd1633908adc1a6bff603311
    SHA512: d50ac7e1355d0ebb14cc397abcc06c4485a5691bd4fd2c4a74755cca55f391628f2d113da12e7cd6aa94bc27d0eddb19c99fe6c123f3da17ac772700a0899542

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\_sqlite3.pyd
    Filesize: 44KB
    MD5: 73033ffa4811c1943071529bb3073db4
    SHA1: bf430535280e0628fd3a6d6306db921e0c906cd5
    SHA256: a4a955b11ddd519fcf1c5884cfbf25cc9424cd45ee3a37d88b43cb9c179352fb
    SHA512: 7a0c53f132d9c428e50ab828bc33b44651f5ffc35999c1bd3f9c12042d9d231190a435805efb599815dcac60d062b96e6db24a4806a5cb28e079756739faf5fa

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\_ssl.pyd
    Filesize: 58KB
    MD5: 8175be986e879a5c0a6487a66cfe9691
    SHA1: 485948d22a114c9b2a8c4b108576f06978505626
    SHA256: 5d2556d07bff789ad160c9917361fee613f8a67ef241fc2613aab92c8a30cf90
    SHA512: 374a20c9379126eb616e6655d34f16016e1624974d10b967b1be76a148d5ec00023d01684df9231988fa841a9b703046be82c1a8dd8f3439bf024c8f33e0a117

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\base_library.zip
    Filesize: 1.4MB
    MD5: 50ae0f1dc5a31014424cefd110c81ad6
    SHA1: 12b7453d08ed8a66de80d4e26decc49897261f97
    SHA256: e2a76c2d317b670595e2abeca503581dac9490eda1abfd1aa32694306af067c2
    SHA512: d20f1821ecc57d2155b10a36e1d224d8e0e26bbd4f557689e7a98e6094de74fc9cd14d7518e48b414bbef9557d153e4b863ba55b3feeb19f1a215060d4eeb4f3

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\libcrypto-1_1.dll
    Filesize: 757KB
    MD5: ccb689d2e91a123e5aa392bab6a7371a
    SHA1: dce18572ee4baa5e356135648f076a5deaf028e5
    SHA256: dbe8e53702a432f5d243f38f373d93a336e940622d328a086ab4717c4c8a8bc5
    SHA512: 88c0f83d886b10d3290a8b00ed87e44916545a6fa1ba1a0cb54b35ab97fc5aa321c8406df077cc5c674b5a67be0985236d85fe978e6c5b2cc48fb9739908261b

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\libffi-8.dll
    Filesize: 28KB
    MD5: cafe0a27f8f2cc6f5e4a4c6233bb954f
    SHA1: 6f8b66056d058a02b05e61b9090762ed7acced6f
    SHA256: 97ccb8542e8bbaf8c949683e8aba21b85e496a237c5543f8b2f6d90d9855b389
    SHA512: dc2221584fc54f6c9e423f212294614a447f6a8274a61138910f2364ca7eae041c15c8d224c6b7f3f79581626a3151a27bfcedee95e65784d6e16e94ccfe6330

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\libopus-0.x64.dll
    Filesize: 217KB
    MD5: e56f1b8c782d39fd19b5c9ade735b51b
    SHA1: 3d1dc7e70a655ba9058958a17efabe76953a00b4
    SHA256: fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732
    SHA512: b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\libssl-1_1.dll
    Filesize: 173KB
    MD5: 2627931b595a97f273b2c9d3e3c21101
    SHA1: 1cc9af55266deda10e680e29615cb614c30f6c9e
    SHA256: f33bd62889ac7b119d70da904f75581669548151aac3ab5cf55d9e2ec40f56c9
    SHA512: c70703a5166026eeb6e6f6b6b2a3a493aded047e34a20513a50dbc6cd219939976fddc259df4309dcaa809efb861253ffad86cd12294e8425704f4bdceca83a0

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\pyexpat.pyd
    Filesize: 71KB
    MD5: 19bdc9b9c49daf83a537fd0e505e6cb8
    SHA1: 0cb073f8181b32b58d134cdbabc8a87f5cb939dc
    SHA256: 991b6b88169e1ee39d5054ddf162b5b9bbd4826d9c65a642317c91caf93ec381
    SHA512: 667afad835e20c5221c690c73dcea5ca990e13c01f0737c12a67fead3331a7bb44fff71cf3c77b7439c1ca49843856f7549d2ac63cf22fa211873f1365024edb

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\python311.dll
    Filesize: 1.4MB
    MD5: ffd865296de4033ba7338ebc600e422c
    SHA1: 74d60e650c87541b4987122d19c6cf03f51a862f
    SHA256: 0ed8ff6bc1f89f8baccc9d3f215b7c7911587b6afd2dcae757ac5d10448963a4
    SHA512: 3c9b6103e44e9790fca2f6e862bcaf05ac3747679e4a9e03b43a6e1081b1f5b7598a04149344729dc10a9b4b76c6b4ddd93b563e111f448212a89a7ccea70b0a

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\select.pyd
    Filesize: 24KB
    MD5: f3f45cbcb47ce0914e4298ed2b9ca04b
    SHA1: efb9e008b78ab2700dca0a9cad2a9a665bf5978c
    SHA256: 0540caf9562eb8510a641702fd99ed0f66f3f429092dbc5c63579a5f11b6d4c0
    SHA512: 8dca8b3121adedd382f111373b6169cc2069bb66e7660825668619d6f92b87a9e96d7a4cfe3fb4aed1c4e249b2d7756952dfa2e5e024e621de3a2e01719baaff

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\sqlite3.dll
    Filesize: 494KB
    MD5: 51b4d2c9d307d3aa890ce557ab78fa1a
    SHA1: 7a80c70bc1ac49362e04d45c3202679cfd0fb6b6
    SHA256: fd6c8a14d7d4f7159b140d859c6321fbc7ca21acc47b891934b6d51c35d8c30c
    SHA512: cc73ffeb002170f207e5c7bf64c6b1aaa635d0ba7cd8c09f563e540cdf07c06681dd8896bf53beeb526c9955e73d6b48ec6c2e07c6ac9eba1699dd84b518c02e

  • C:\Users\Admin\AppData\Local\Temp\_MEI49802\unicodedata.pyd
    Filesize: 291KB
    MD5: e3e2769cfbcbb077763d9df718ef9704
    SHA1: 39c48ab05c4fe6c5ec98022396340c1e01a37abc
    SHA256: dee5b0f3c2f808f4b22bbdd6034225b5857ad2c94c46ae0d9763acb70bec8d6c
    SHA512: a2d3fe8dc843e4de9498e463d985227f6c65bdcd807f3297252e56ec0b9bc1602d1d52a6ccb1caa90337b5926b60536cb4017dcaf1d0095eaaeda564c9d23dec

  • memory/3388-48-0x0000000075010000-0x0000000075518000-memory.dmp
    Filesize: 5.0MB

  • memory/3388-55-0x0000000074FB0000-0x0000000074FBD000-memory.dmp
    Filesize: 52KB

  • memory/3388-54-0x0000000074FC0000-0x0000000074FDF000-memory.dmp
    Filesize: 124KB

  • memory/3388-76-0x0000000074FA0000-0x0000000074FB0000-memory.dmp
    Filesize: 64KB

  • memory/3388-78-0x0000000074D40000-0x0000000074F9C000-memory.dmp
    Filesize: 2.4MB

  • memory/3388-79-0x0000000075010000-0x0000000075518000-memory.dmp
    Filesize: 5.0MB

  • memory/3388-80-0x0000000074FC0000-0x0000000074FDF000-memory.dmp
    Filesize: 124KB

  • memory/3388-86-0x0000000074FB0000-0x0000000074FBD000-memory.dmp
    Filesize: 52KB

  • memory/3388-87-0x0000000074FC0000-0x0000000074FDF000-memory.dmp
    Filesize: 124KB

  • memory/3388-85-0x0000000074D40000-0x0000000074F9C000-memory.dmp
    Filesize: 2.4MB

  • memory/3388-84-0x0000000074FA0000-0x0000000074FB0000-memory.dmp
    Filesize: 64KB

  • memory/3388-81-0x0000000075010000-0x0000000075518000-memory.dmp
    Filesize: 5.0MB