General
-
Target
2025-04-03_b1f943d518cffe28dd27b2126c9f21c0_black-basta_cobalt-strike_satacom
-
Size
17.6MB
-
Sample
250403-k92hxsxjs3
-
MD5
b1f943d518cffe28dd27b2126c9f21c0
-
SHA1
baf43b978982e3ce45933274ea4b4ef93be732b4
-
SHA256
7a45982cdfc4fac62b96925af5dd76b502f9d7b26def6ebdad3670aa31614515
-
SHA512
1803ad214d70d3e1b91e86111a2c2b432c5bb6d6362c371dfd9990dbe7a109e05806f06e26e78961cc07153d0060bdd96b9f7f9a8c181308d720ba254452b4ee
-
SSDEEP
393216:RqPnLFXlrPjgQpDOETgsvfG9Eg/1lvEagz8fLRk:4PLFXNP8QoEha1aBk
Malware Config
Targets
-
-
Target
2025-04-03_b1f943d518cffe28dd27b2126c9f21c0_black-basta_cobalt-strike_satacom
-
Size
17.6MB
-
MD5
b1f943d518cffe28dd27b2126c9f21c0
-
SHA1
baf43b978982e3ce45933274ea4b4ef93be732b4
-
SHA256
7a45982cdfc4fac62b96925af5dd76b502f9d7b26def6ebdad3670aa31614515
-
SHA512
1803ad214d70d3e1b91e86111a2c2b432c5bb6d6362c371dfd9990dbe7a109e05806f06e26e78961cc07153d0060bdd96b9f7f9a8c181308d720ba254452b4ee
-
SSDEEP
393216:RqPnLFXlrPjgQpDOETgsvfG9Eg/1lvEagz8fLRk:4PLFXNP8QoEha1aBk
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1