Extracted

• • Target

    2025-04-02_cd54780ee2213a05468fa0d24eedd576_bitrat_black-basta_cobalt-strike_luca-stealer

  • Size

    418KB

  • MD5

    cd54780ee2213a05468fa0d24eedd576

  • SHA1

    011894f40bab6963133d46a1976fa587a4b66378

  • SHA256

    6782ad0c3efc0d0520dc2088e952c504f6a069c36a0308b88c7daadd600250a9

  • SHA512

    e41e327ecb7859bfb47bbdff5f45097e328e4339e85035b0e2f9a2d8b31c1a5bd135fa047dce003d497b049312ff0d67c7221a17f526b369f6640b2e3cb4594e

  • SSDEEP

    12288:FnvxplpMAX99S4B009MqyQMKNT7tDfAD8xE:FvxplpMAtU4Bl9MdQFT7tDIoS

  Score

  10^/10

  dragonforcecredential_accessdiscoveryransomwarespywarestealer

  • DragonForce

    Ransomware family based on Lockbit that was first observed in November 2023.

    ransomwaredragonforce

  • Dragonforce family

    dragonforce

  • Credentials from Password Stores: Windows Credential Manager

    Suspicious access to Credentials History.

    credential_accessstealer

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1