Analysis

  • max time kernel
    100s
  • max time network
    103s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250610-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250610-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    03/07/2025, 05:55

General

  • Target

    2025-07-03_80e5cef616f0ee64db2ee63b27f557c4_amadey_black-basta_elex_luca-stealer_smoke-loader.exe

  • Size

    964KB

  • MD5

    80e5cef616f0ee64db2ee63b27f557c4

  • SHA1

    ebb482f9613702694275cdf36123eb034b03afc4

  • SHA256

    6b3b36bf06aa6bfe96704d5400f78853ac7a3bec6ad2237ebd77d4845a95d428

  • SHA512

    46617c7629cf0ca61de6776dc52d1657af4fefb4523375b037aeaecfa2dbe5e98107c4a620dd1a0fc434f85148c614a6e7e3780abf6e8913f86b9ff0747f7da0

  • SSDEEP

    24576:BkpJf+G5bBSE3bwmiIQDFOY4gNhi6efmvIidZhyCjlznXV:c+6bBSE3bwmiIQJ1Nhi6zvIidZhjjlzV

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies registry class 9 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
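
The "Writes to the Master Boot Record (MBR)" verdict above is the one that should change how a host is handled: a modified sector 0 survives reinstalling the OS onto the same disk. The following is an added example (not part of the sandbox report and not code from the sample) of the check an analyst would run on a suspect host or disk image: read the first 512 bytes, verify the 0x55AA boot signature, split out the boot code, disk signature and partition table, and diff them against a known-good baseline. The device path `\\.\PhysicalDrive0` is the standard Windows physical-disk object and needs an elevated prompt; the two MBRs built at the bottom are constructed test data, not sectors captured from this sample.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439: boot loader code
DISK_SIG_OFF = 440             # 4-byte Windows disk signature
PART_TABLE_OFF = 446           # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511
PART_FMT = "<B3sB3sII"         # status, CHS start, type, CHS end, LBA start, sector count


def read_mbr(device=r"\\.\PhysicalDrive0"):
    """Read sector 0 of a physical disk (Windows; requires an elevated prompt)."""
    with open(device, "rb") as disk:
        return disk.read(MBR_SIZE)


def parse_mbr(sector):
    """Split a 512-byte MBR into boot code hash, disk signature and partition entries."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba_start, count = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:  # empty entry
            continue
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start, "sectors": count})
    return {
        "bootcode_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def compare_mbr(current, baseline):
    """Return a list of human-readable findings; an empty list means the MBR is unchanged."""
    cur, base = parse_mbr(current), parse_mbr(baseline)
    findings = []
    if cur["bootcode_sha256"] != base["bootcode_sha256"]:
        findings.append("boot code changed (possible bootkit)")
    if cur["disk_signature"] != base["disk_signature"]:
        findings.append("disk signature changed")
    if current[PART_TABLE_OFF:510] != baseline[PART_TABLE_OFF:510]:
        findings.append("partition table changed")
    return findings


def build_mbr(bootcode, disk_sig, partitions):
    """Assemble a synthetic MBR (constructed test data, not a real boot sector)."""
    sector = bytearray(MBR_SIZE)
    sector[:len(bootcode)] = bootcode
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(PART_FMT, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed sample data: a "clean" MBR with one bootable NTFS partition, and the
# same disk after something overwrote the boot code while leaving the table intact.
CLEAN_PARTITIONS = [(True, 0x07, 2048, 1_000_000)]
BASELINE_MBR = build_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * 432,
                         0x1234ABCD, CLEAN_PARTITIONS)
TAMPERED_MBR = build_mbr(b"\xeb\xfe" + b"\x90" * 438, 0x1234ABCD, CLEAN_PARTITIONS)

if __name__ == "__main__":
    # On a live Windows host: current = read_mbr(); baseline from a known-good image.
    for finding in compare_mbr(TAMPERED_MBR, BASELINE_MBR):
        print(finding)
```

The boot code is hashed rather than diffed byte-for-byte so a baseline can be kept as a single value per disk image; the partition table is compared raw because any change there (a new hidden partition, a moved start LBA) is itself a finding. A host that trips the boot-code check should be rebuilt after wiping sector 0, not just cleaned at the file level.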

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-07-03_80e5cef616f0ee64db2ee63b27f557c4_amadey_black-basta_elex_luca-stealer_smoke-loader.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-07-03_80e5cef616f0ee64db2ee63b27f557c4_amadey_black-basta_elex_luca-stealer_smoke-loader.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Users\Admin\AppData\Local\Temp\2025-07-03_80e5cef616f0ee64db2ee63b27f557c4_amadey_black-basta_elex_luca-stealer_smoke-loader.exe
      "C:\Users\Admin\AppData\Local\Temp\2025-07-03_80e5cef616f0ee64db2ee63b27f557c4_amadey_black-basta_elex_luca-stealer_smoke-loader.exe" -Admin
      2⤵
      • Writes to the Master Boot Record (MBR)
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:2036

Network

MITRE ATT&CK Enterprise v16
