General

  • Target

    2025-03-30_40cce5a074d7d41f24b79f293e4a7bc5_black-basta_cobalt-strike_satacom

  • Size

    20.9MB

  • Sample

    250330-wq5l1stvat

  • MD5

    40cce5a074d7d41f24b79f293e4a7bc5

  • SHA1

    3a7206262e5977dcb9d0179e5b5f04a45cb53b6c

  • SHA256

    bc424fa116202a1cca16fc04a8ae6a211e3783ddb460faa6b22f565f360c1c11

  • SHA512

    310c4d62dd5a06226b0e5a7a9a5bd4c64b15c44703e8e618ce9c944276eac3e879182943e062db0e364f7b9699514a3d54d82fb2040e81cf50627637e9406fb3

  • SSDEEP

    393216:89YiVVlj87dt8WdqODLfHqO1UTdQJl3wF3MnG3CblCOL/AJ0bderWM4uYyk5aH:89YiVVl8ZO8ETdQC3MGVOb1b6UA

Targets

    • CStealer

      CStealer is an open-source infostealer written in Python and packaged with PyInstaller.

    • Cstealer family

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
