Malware Analysis Report

2025-08-10 19:53

Sample ID: 250703-gms2gsvns6
Target: 2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer
SHA256: d054156f2800b5e2a86c2f6a155176ad5de8cf79dd7cb703d0e6065e1ad5927e
Tags: discovery
Score: 8/10


Analysis Overview

Score: 8/10

SHA256: d054156f2800b5e2a86c2f6a155176ad5de8cf79dd7cb703d0e6065e1ad5927e

Threat Level: Likely malicious

The file 2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer was found to be: Likely malicious.

Malicious Activity Summary

discovery

Downloads MZ/PE file

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2025-07-03 05:55

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2025-07-03 05:55
Reported: 2025-07-03 05:58
Platform: win10v2004-20250610-en
Max time kernel: 129s
Max time network: 146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 download.cdn.yandex.net udp
US 8.8.8.8:53 api.browser.yandex.ru udp
US 8.8.8.8:53 api.browser.yandex.net udp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 37.9.64.225:443 download.cdn.yandex.net tcp
US 8.8.8.8:53 cloudcdn-fra-01.cdn.yandex.net udp
DE 5.45.200.107:443 cloudcdn-fra-01.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 37.9.64.225:443 download.cdn.yandex.net tcp
DE 5.45.200.107:443 cloudcdn-fra-01.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp

Files

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 b583b41e16fa25f6addc91f581960d67
SHA1 ce228474564fbc1ca48b01e67bf97a37fdfc5145
SHA256 f23bbb7f62933a473759aeeb158941a6aa558ccd1aa56ccd1b1b951a853b10b2
SHA512 3b0a785703a6b63921734ec18a78cecaeb0a96aa955a940a770f20d8ac3dc8c1c66791ddb59bc97154c3e4f1ed883d913e182f460146099d706eef5681c47911

C:\Users\Admin\AppData\Roaming\Yandex\ui

MD5 fd5167003d084e096504a71815f3725a
SHA1 bc83cff1ce13c7567a21a23444695ff51797ef73
SHA256 d35ec43c209840652409f3198a0c7c028496fadad71dd1b9f0f59f1f529db672
SHA512 4da1810dec5561a584fc063718195e0a5ee4baf6b7021c8a29c0bf2bab38518d4111baccbb094d0fbf24dee31c28d0e65c1911ed7eb857b293dc12d50188a95c

Analysis: behavioral2

Detonation Overview

Submitted: 2025-07-03 05:55
Reported: 2025-07-03 05:58
Platform: win11-20250610-en
Max time kernel: 101s
Max time network: 127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe"

Signatures

System Location Discovery: System Language Discovery

Tag: discovery

Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-03_9c41dac10ae486510808a5da592ca473_amadey_black-basta_darkgate_elex_luca-stealer.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.browser.yandex.ru udp
US 8.8.8.8:53 api.browser.yandex.net udp
US 8.8.8.8:53 download.cdn.yandex.net udp
RU 37.9.64.225:443 download.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
DE 5.45.200.107:443 cloudcdn-fra-01.cdn.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
RU 213.180.193.234:443 api.browser.yandex.net tcp
GB 142.250.179.227:80 c.pki.goog tcp

Files

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 7811802553be5ad2214ab1b56f2d0fcb
SHA1 f1b2dfb2bb3eadc9530eacd2f164898ee57f0565
SHA256 a5f4aa72d30295a27ba9073b4dcc902268b3d3d75f3d3b5d53462c11c47ce123
SHA512 df28eeeb7a5f1eb8242466dbd2d5e8961eb46eed5b85cbfd5c32c12421c72a603c12de9745140e3296ae8d982bf789c38e4d14250b47b61824af4412f31090b1

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 b535210cf0dee6c8fdd5a8d6e15f0334
SHA1 5b7c7a9a328e0250dcf5dcd62a97b4c6921c57fa
SHA256 b7467a77864fb0d6589fc4acf1b7d4493469f58ad452a0be9d2ce2d8ee3d062e
SHA512 26fada0422f7504754755b756cb6bba972bbc82b93b70de5af4a6ff4ca46eaf3037d2c471cd8363d632cf907daf162e6670cdfa03276ebf3e8088ded3bd8746c

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

MD5 dff0925ca6b3e68647998f1af0c651dc
SHA1 2cf9240305eedfcfd43e9cfb02dbfa9350ead84b
SHA256 c47aadde358aab08f1897f0efb7c3a23c1f960adb17fce62c8ce16824a0d022a
SHA512 68e3e011f23b48dce024fb43a2f9c06b05a68525718bc458f3022c1f5de12542925cbf53f65d4a59904a7b881b65e892365244d5dcec0ac18ead4006062f4cd2

C:\Users\Admin\AppData\Roaming\Yandex\ui

MD5 f98b166d95f0f39fbbc1ef5d4cac54b6
SHA1 a71fec34baebcdca5b995d377f78f07cdc65d04e
SHA256 0c91d69e3289eb3c1a89cf5b7bc275e3a23c43f8f8221758798369d06da3ab1d
SHA512 dba2efcabe42035ce3dce22766d027fc6b3835ea6c322d6e5776b8e79c22e2a547a10deae0b8ae03316fca597d2597b13ee15456a1929ca011b36f97db3f4d6d