Analysis Overview
SHA256
f8df5267cac1b595adf683c78c611987b1ab447cae151896a96628db19d5346d
Threat Level: Likely malicious
The file 2025-07-03_9b46dc818d2f96b70951475d9b668c9a_amadey_black-basta_darkgate_elex_hijackloader_luca-stealer was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-07-03 05:55
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-03 05:55
Reported
2025-07-03 05:58
Platform
win10v2004-20250619-en
Max time kernel
137s
Max time network
147s
Command Line
Signatures
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2025-07-03_9b46dc818d2f96b70951475d9b668c9a_amadey_black-basta_darkgate_elex_hijackloader_luca-stealer.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-03_9b46dc818d2f96b70951475d9b668c9a_amadey_black-basta_darkgate_elex_hijackloader_luca-stealer.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2025-07-03_9b46dc818d2f96b70951475d9b668c9a_amadey_black-basta_darkgate_elex_hijackloader_luca-stealer.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2025-07-03_9b46dc818d2f96b70951475d9b668c9a_amadey_black-basta_darkgate_elex_hijackloader_luca-stealer.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-03_9b46dc818d2f96b70951475d9b668c9a_amadey_black-basta_darkgate_elex_hijackloader_luca-stealer.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| US | 8.8.8.8:53 | download.cdn.yandex.net | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 37.9.64.225:443 | download.cdn.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 8.8.8.8:53 | cloudcdn-fra-02.cdn.yandex.net | udp |
| DE | 5.45.200.109:443 | cloudcdn-fra-02.cdn.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.ru | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.179.227:80 | c.pki.goog | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
| Hash | Value |
| --- | --- |
| MD5 | e0e68b9a2c0602f3f97eb69a6f3ff1bb |
| SHA1 | 5d53a90c17f093d63854297e1cd989cda0772028 |
| SHA256 | a6e47c401a024a0570fb894952105695cacac479e38b249832d5403d8166de01 |
| SHA512 | 320ebd2a226a8f44eec90bbafda132e12f6690742dd614c44279ff78a1a07525a98018beb21b081ad764c82d15dc5e98a984b61e561dfd8b922a8480430f3241 |
C:\Users\Admin\AppData\Roaming\Yandex\ui
| Hash | Value |
| --- | --- |
| MD5 | c351e74a1eb8d5893548c8a4f08a393e |
| SHA1 | 116789f099d729783eb3821005e4628ba511498a |
| SHA256 | 828e891d3aa39f52bcae08c0b73978b5c66d30ec90e1eff031b4e933230be369 |
| SHA512 | 94a417893159156cf771866aebf6ce07d81025e98d61309a31e526bd01d4243ee778551c0d6415697ed6683da8131b3bfb4747cd47c3c781038e9ba682f3757b |
Analysis: behavioral2
Detonation Overview
Submitted
2025-07-03 05:55
Reported
2025-07-03 05:58
Platform
win11-20250610-en
Max time kernel
104s
Max time network
131s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-03_9b46dc818d2f96b70951475d9b668c9a_amadey_black-basta_darkgate_elex_hijackloader_luca-stealer.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2025-07-03_9b46dc818d2f96b70951475d9b668c9a_amadey_black-basta_darkgate_elex_hijackloader_luca-stealer.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2025-07-03_9b46dc818d2f96b70951475d9b668c9a_amadey_black-basta_darkgate_elex_hijackloader_luca-stealer.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-03_9b46dc818d2f96b70951475d9b668c9a_amadey_black-basta_darkgate_elex_hijackloader_luca-stealer.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| US | 8.8.8.8:53 | download.cdn.yandex.net | udp |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 37.9.64.225:443 | download.cdn.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| DE | 5.45.200.109:443 | cloudcdn-fra-02.cdn.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| GB | 142.250.179.227:80 | c.pki.goog | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
| Hash | Value |
| --- | --- |
| MD5 | 780caa06bc525ca1e7ecb5c3f876680a |
| SHA1 | 262f26b659a5b2fdf57464cbbd0e97a8b70fb357 |
| SHA256 | 2545040ff0482d4feb6b555ba232c6d8ef200bacfc748210cb93cb94b5fa4be8 |
| SHA512 | 7b14548f969d346bb586b1299ed4c22cd52922f066b847759b1d8c28e0b393e1af3c29357165b74a7d90376c15f7adbec40ace0d8f7f4063742e02f01624c562 |
C:\Users\Admin\AppData\Roaming\Yandex\ui
| Hash | Value |
| --- | --- |
| MD5 | 1496d6698919f249402fc9c149322de4 |
| SHA1 | 34386141e111a019c42238bc4d90ce192ab73d00 |
| SHA256 | e096aa0eda1f38c424c94ed2bc78c4f1643463a1b5ef1276ecd58bf5b7418763 |
| SHA512 | ea33aee8b5f162a74a1be2f8b1939d1c016794a8b6a70f844ec92e5d7c179ccbde0305b17b633a50a55b12ee23a94b7d67dbfa2338b3f418bb64c35bc98d351a |