Overview

overview

10

Static

static

3

2025-03-26...om.exe

windows7-x64

10

2025-03-26...om.exe

windows10-2004-x64

10

Resubmissions

28/03/2025, 22:50

250328-2r89gsvly8 10

26/03/2025, 18:56

250326-xlfmrssqz9 10

26/03/2025, 18:17

250326-wxdf4szyc1 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom

  • Size

    502KB

  • Sample

    250326-xlfmrssqz9

  • MD5

    17cc347c7c544e98a18dacf02a25d619

  • SHA1

    263aa440a706fe3aa909fd8b212185340e7ede94

  • SHA256

    30a4d2ae21ec90ebdd415b90d2fe670ac5c0ffe54d0d8f7a01a54910ba1a8c45

  • SHA512

    e686ac882f4fdbe0efb0833186640d61d75b3132d026e5f2e1da35a01efca371e63cea3953a33dfb29ce130e6b3e0103bfbda099fc3da092364cc43427e15aeb

  • SSDEEP

    6144:eo2mNDxqElXchsLP3JRBNGJLEAxSKfC5ogn3WJGBV50DErWuuzgXmPdt:eo2BYd73FWLExKfcoaWJtDTv

Score
10/10
lockbitdiscoverypersistenceprivilege_escalationransomware

Malware Config

Targets

    • Target

      2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom

    • Size

      502KB

    • MD5

      17cc347c7c544e98a18dacf02a25d619

    • SHA1

      263aa440a706fe3aa909fd8b212185340e7ede94

    • SHA256

      30a4d2ae21ec90ebdd415b90d2fe670ac5c0ffe54d0d8f7a01a54910ba1a8c45

    • SHA512

      e686ac882f4fdbe0efb0833186640d61d75b3132d026e5f2e1da35a01efca371e63cea3953a33dfb29ce130e6b3e0103bfbda099fc3da092364cc43427e15aeb

    • SSDEEP

      6144:eo2mNDxqElXchsLP3JRBNGJLEAxSKfC5ogn3WJGBV50DErWuuzgXmPdt:eo2BYd73FWLExKfcoaWJtDTv

    Score
    10/10
    lockbitransomwarediscoverypersistenceprivilege_escalation

    • Lockbit

      Ransomware family with multiple variants released since late 2019.

      ransomwarelockbit

    • Lockbit family

      lockbit

    • Renames multiple (162) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Modifies system executable filetype association

      persistence

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks