General

  • Target

    2025-07-04_10a14d1d26aaa8ee5e158d3140973871_agent-tesla_amadey_black-basta_elex_luca-stealer

  • Size

    2.6MB

  • Sample

    250704-ymrxvsxycy

  • MD5

    10a14d1d26aaa8ee5e158d3140973871

  • SHA1

    b1255587dc53f0ac5fe381b68fc020be098b6122

  • SHA256

    58cbf6ca0cea5a58c9fcf795f24ecb375397268d30dbf98a2b55b9057f706f29

  • SHA512

    5dc787c8aa829f6720b00dafa76f6c88952ea8ff4b7946a94a768bd0811e5c45e5ba088e97c85f2d1ea71ff9d2299cc8941bc8f04293ba9200f53643b366d6ca

  • SSDEEP

    49152:iPVt3LZeJbInQRa0ru26yXdmewByO9QaE6jHkCcf43Dmg27RnWGj:A7YbInQzdzwcJ67xcfWD527BWG

Malware Config

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks