General
-
Target
2025-05-08_7ec36ab8f0ae122dcad529ea8a8b80fb_amadey_black-basta_elex_hijackloader_luca-stealer
-
Size
9.5MB
-
Sample
250508-enc1jsx1aw
-
MD5
7ec36ab8f0ae122dcad529ea8a8b80fb
-
SHA1
b7298b8f6d3e64c1e3d2f64dca4dd291d7f134aa
-
SHA256
a2225b2e2ebf06a8678ae7cc80656e2c8de9ab0305b99c467512d1564e2de086
-
SHA512
1b3a8474ffc224a6c12012df0ae1f46c2dd9c01a49759ad0f7504ac26b9f800d865b3a395db6ca4f2a9b6a543d4f90b4e67c5db76945a5ab50585bb379a7e9dc
-
SSDEEP
98304:gyyqWyWy0GyqWyWyMRPC1eHL5dGYSEYvN:z1eHL5dEvN
Malware Config
Targets
-
-
Target
2025-05-08_7ec36ab8f0ae122dcad529ea8a8b80fb_amadey_black-basta_elex_hijackloader_luca-stealer
-
Size
9.5MB
-
MD5
7ec36ab8f0ae122dcad529ea8a8b80fb
-
SHA1
b7298b8f6d3e64c1e3d2f64dca4dd291d7f134aa
-
SHA256
a2225b2e2ebf06a8678ae7cc80656e2c8de9ab0305b99c467512d1564e2de086
-
SHA512
1b3a8474ffc224a6c12012df0ae1f46c2dd9c01a49759ad0f7504ac26b9f800d865b3a395db6ca4f2a9b6a543d4f90b4e67c5db76945a5ab50585bb379a7e9dc
-
SSDEEP
98304:gyyqWyWy0GyqWyWyMRPC1eHL5dGYSEYvN:z1eHL5dEvN
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
UAC bypass
-
Disables RegEdit via registry modification
-
Disables use of System Restore points
-
Drops file in Drivers directory
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Disable or Modify Tools
1Modify Registry
8