Analysis

  • max time kernel
    104s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250619-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250619-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/07/2025, 12:18

General

  • Target

    2025-07-04_ec1442bdce32615359d3ea3f40e68f08_amadey_black-basta_elex_hijackloader_nymaim_ramnit_rhada.exe

  • Size

    8.8MB

  • MD5

    ec1442bdce32615359d3ea3f40e68f08

  • SHA1

    dcce8a49877788ee0c1e5aa7a60dbc56f6df9399

  • SHA256

    e9920abdd6c85d8b633bab9d300c266d22a4a3b5808d9b347a3ebcc36dd866c5

  • SHA512

    1c97537049ad44d13f6b1b3592bdc0dedb56709b11bcb9637c0dbec391c956fb8ce5800bab07373c21ee899c8f13ae30d488ebc99f36216d803b0563d7b62d03

  • SSDEEP

    98304:+O4mO4VOO77GBfWJs+CgaqVsKIDQsIDQDo1FbBH26Z5xF7x5Qe67S49:AIYcGBfWSjWsKuQsuQk1lT5K779

Malware Config

Signatures

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-07-04_ec1442bdce32615359d3ea3f40e68f08_amadey_black-basta_elex_hijackloader_nymaim_ramnit_rhada.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-07-04_ec1442bdce32615359d3ea3f40e68f08_amadey_black-basta_elex_hijackloader_nymaim_ramnit_rhada.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:5896

Network

        MITRE ATT&CK Enterprise v16

        Downloads

        • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

          Filesize

          10.9MB

          MD5

          bbe75266f42de9d095b2c2cec6cca459

          SHA1

          5e363670551b66e446c5d0dd2c6f2275b5f6dc5e

          SHA256

          608096e9a2ee07c2afb6eaffae904ea4c5044753ab1cee9d8dc7bc98e6c38947

          SHA512

          d3b9fa6970732329f2528fed50ac882d13e45b668ef18b9a05a0acc94d81fbe423033e6ffd2766b66cee61df99973f9bec0e51a928ace403b5072840a4ee5ed9