Extracted

• • Target

    2025-03-31_91acae0fff5ecbf0b65c3ddebb5a824a_bitrat_black-basta_cobalt-strike_luca-stealer

  • Size

    418KB

  • MD5

    91acae0fff5ecbf0b65c3ddebb5a824a

  • SHA1

    229e073dbcbb72bdfee2c244e5d066ad949d2582

  • SHA256

    8a193db0ff08237f63c036d422f52276a4e575476763dc391455ed5b12269c07

  • SHA512

    bdaa57605db2d8dcb05d60ca79cc3ea038ae40fd5ef932ac68dc0687c8b6d187961012be3032caf6f35b609fd2f0089189a50f5d2b208c3a93f9e81e8c0326fc

  • SSDEEP

    12288:FnvxplpMAX99S4B009MqyQMKNT7ZxfAD8xE:FvxplpMAtU4Bl9MdQFT7ZxIoS

  Score

  10^/10

  dragonforcecredential_accessdiscoveryransomwarespywarestealer

  • DragonForce

    Ransomware family based on Lockbit that was first observed in November 2023.

    ransomwaredragonforce

  • Dragonforce family

    dragonforce

  • Credentials from Password Stores: Windows Credential Manager

    Suspicious access to Credentials History.

    credential_accessstealer

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  behavioral1