General

  • Target

    2025-03-31_7b1d333ad07a1743b3454bd913643fba_black-basta_cobalt-strike_coinminer_satacom_zxxz

  • Size

    33.7MB

  • Sample

    250401-ar22masqv9

  • MD5

    7b1d333ad07a1743b3454bd913643fba

  • SHA1

    15ec262332264532b5f06f52960b998b9a472f51

  • SHA256

    1eb3184557e9800d48f23152899072aa4e53bb72141c9af3acf0be7472dff165

  • SHA512

    de78780b4a8a62ec8889d0bd22b3de61f70809dd8a3d44fe511b03933a760256f37d66cda99b3425d99ade2e4ca2e117be22d8e3a7a737764ef0e4b6eab75def

  • SSDEEP

    393216:d76L6otUitqtH7wHtXq2pt2jbOCacCFIK0fpP9HF4VW8yfYnVQx4urYsANulL7Np:d0LoCOn+2Ys4urYDNulLBiu1

Targets

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Stormkitty family

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
