Analysis
max time kernel: 129s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20250610-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250610-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/07/2025, 05:55
Static task: static1
Behavioral task: behavioral1
Sample: 2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe
Resource: win10v2004-20250610-en
Behavioral task: behavioral2
Sample: 2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe
Resource: win11-20250610-en
General
Target: 2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe
Size: 9.7MB
Malware Config
Signatures
Downloads MZ/PE file 2 IoCs
flow  pid   Process
32    3936  2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe
77    3936  2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: 2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe
Suspicious use of SetWindowsHookEx 1 IoCs
pid   Process
3936  2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe
Processes
C:\Users\Admin\AppData\Local\Temp\2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe"
- Downloads MZ/PE file
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3936
Network
MITRE ATT&CK Enterprise v16
Downloads
-
Filesize
9KB
-
Filesize
38B