Analysis Overview
SHA256: d054156f2800b5e2a86c2f6a155176ad5de8cf79dd7cb703d0e6065e1ad5927e
Threat Level: Likely malicious
The file 2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported: 2025-07-03 05:55
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2025-07-03 05:55
Reported: 2025-07-03 05:58
Platform: win10v2004-20250610-en
Max time kernel: 129s
Max time network: 146s
Command Line
Signatures
Downloads MZ/PE file
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | download.cdn.yandex.net | udp |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 37.9.64.225:443 | download.cdn.yandex.net | tcp |
| US | 8.8.8.8:53 | cloudcdn-fra-01.cdn.yandex.net | udp |
| DE | 5.45.200.107:443 | cloudcdn-fra-01.cdn.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.179.227:80 | c.pki.goog | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 37.9.64.225:443 | download.cdn.yandex.net | tcp |
| DE | 5.45.200.107:443 | cloudcdn-fra-01.cdn.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
| Hash | Value |
| --- | --- |
| MD5 | b583b41e16fa25f6addc91f581960d67 |
| SHA1 | ce228474564fbc1ca48b01e67bf97a37fdfc5145 |
| SHA256 | f23bbb7f62933a473759aeeb158941a6aa558ccd1aa56ccd1b1b951a853b10b2 |
| SHA512 | 3b0a785703a6b63921734ec18a78cecaeb0a96aa955a940a770f20d8ac3dc8c1c66791ddb59bc97154c3e4f1ed883d913e182f460146099d706eef5681c47911 |
C:\Users\Admin\AppData\Roaming\Yandex\ui
| Hash | Value |
| --- | --- |
| MD5 | fd5167003d084e096504a71815f3725a |
| SHA1 | bc83cff1ce13c7567a21a23444695ff51797ef73 |
| SHA256 | d35ec43c209840652409f3198a0c7c028496fadad71dd1b9f0f59f1f529db672 |
| SHA512 | 4da1810dec5561a584fc063718195e0a5ee4baf6b7021c8a29c0bf2bab38518d4111baccbb094d0fbf24dee31c28d0e65c1911ed7eb857b293dc12d50188a95c |
Analysis: behavioral2
Detonation Overview
Submitted: 2025-07-03 05:55
Reported: 2025-07-03 05:58
Platform: win11-20250610-en
Max time kernel: 101s
Max time network: 127s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | api.browser.yandex.ru | udp |
| US | 8.8.8.8:53 | api.browser.yandex.net | udp |
| US | 8.8.8.8:53 | download.cdn.yandex.net | udp |
| RU | 37.9.64.225:443 | download.cdn.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| DE | 5.45.200.107:443 | cloudcdn-fra-01.cdn.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| RU | 213.180.193.234:443 | api.browser.yandex.net | tcp |
| GB | 142.250.179.227:80 | c.pki.goog | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
| Hash | Value |
| --- | --- |
| MD5 | 7811802553be5ad2214ab1b56f2d0fcb |
| SHA1 | f1b2dfb2bb3eadc9530eacd2f164898ee57f0565 |
| SHA256 | a5f4aa72d30295a27ba9073b4dcc902268b3d3d75f3d3b5d53462c11c47ce123 |
| SHA512 | df28eeeb7a5f1eb8242466dbd2d5e8961eb46eed5b85cbfd5c32c12421c72a603c12de9745140e3296ae8d982bf789c38e4d14250b47b61824af4412f31090b1 |
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
| Hash | Value |
| --- | --- |
| MD5 | b535210cf0dee6c8fdd5a8d6e15f0334 |
| SHA1 | 5b7c7a9a328e0250dcf5dcd62a97b4c6921c57fa |
| SHA256 | b7467a77864fb0d6589fc4acf1b7d4493469f58ad452a0be9d2ce2d8ee3d062e |
| SHA512 | 26fada0422f7504754755b756cb6bba972bbc82b93b70de5af4a6ff4ca46eaf3037d2c471cd8363d632cf907daf162e6670cdfa03276ebf3e8088ded3bd8746c |
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
| Hash | Value |
| --- | --- |
| MD5 | dff0925ca6b3e68647998f1af0c651dc |
| SHA1 | 2cf9240305eedfcfd43e9cfb02dbfa9350ead84b |
| SHA256 | c47aadde358aab08f1897f0efb7c3a23c1f960adb17fce62c8ce16824a0d022a |
| SHA512 | 68e3e011f23b48dce024fb43a2f9c06b05a68525718bc458f3022c1f5de12542925cbf53f65d4a59904a7b881b65e892365244d5dcec0ac18ead4006062f4cd2 |
C:\Users\Admin\AppData\Roaming\Yandex\ui
| Hash | Value |
| --- | --- |
| MD5 | f98b166d95f0f39fbbc1ef5d4cac54b6 |
| SHA1 | a71fec34baebcdca5b995d377f78f07cdc65d04e |
| SHA256 | 0c91d69e3289eb3c1a89cf5b7bc275e3a23c43f8f8221758798369d06da3ab1d |
| SHA512 | dba2efcabe42035ce3dce22766d027fc6b3835ea6c322d6e5776b8e79c22e2a547a10deae0b8ae03316fca597d2597b13ee15456a1929ca011b36f97db3f4d6d |