Overview

overview

7

Static

static

3

2025-03-30...om.exe

windows7-x64

7

2025-03-30...om.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-03-30_ebaeff781fba498704424afecb091081_black-basta_cobalt-strike_satacom

  • Size

    19.2MB

  • Sample

    250330-xwxc9sxl14

  • MD5

    ebaeff781fba498704424afecb091081

  • SHA1

    4e9af6f04d88e8e5eb286cba492b4d68338ef6e9

  • SHA256

    30c60b3512c9cb1421406a40310dca5508d289c96126db5e8dff64129cd04e6d

  • SHA512

    9468aeb2d17eddb3720b37e9f01efe23290773e9587504b34cde7bb8c2678a43de8871413807f70c36692cc3c2734cdd701a0fb55c01dc3f2f07d507684af69a

  • SSDEEP

    393216:eu7L/1a/vUIjdQusl6CmHJ0KE5yZSQll9DoWOv+9fU7nKgN7PLT0fxJXvvV5:eCLdaFdQuRCmp0KuQxorvSMGG05J/

Score
7/10
executionpyinstallerspywarestealer

Malware Config

Targets

    • Target

      2025-03-30_ebaeff781fba498704424afecb091081_black-basta_cobalt-strike_satacom

    • Size

      19.2MB

    • MD5

      ebaeff781fba498704424afecb091081

    • SHA1

      4e9af6f04d88e8e5eb286cba492b4d68338ef6e9

    • SHA256

      30c60b3512c9cb1421406a40310dca5508d289c96126db5e8dff64129cd04e6d

    • SHA512

      9468aeb2d17eddb3720b37e9f01efe23290773e9587504b34cde7bb8c2678a43de8871413807f70c36692cc3c2734cdd701a0fb55c01dc3f2f07d507684af69a

    • SSDEEP

      393216:eu7L/1a/vUIjdQusl6CmHJ0KE5yZSQll9DoWOv+9fU7nKgN7PLT0fxJXvvV5:eCLdaFdQuRCmp0KuQxorvSMGG05J/

    Score
    7/10
    executionspywarestealer

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks