General
-
Target
2025-04-04_aea50adde9a44873d825cefc60019b02_black-basta_cobalt-strike_satacom
-
Size
6.3MB
-
Sample
250404-r7bm2s1ny2
-
MD5
aea50adde9a44873d825cefc60019b02
-
SHA1
c11b0f5c6e42f2ed0ba0e121412b9a181e43b5cc
-
SHA256
cfbf45007cd93be79ffa7d0f13899ef571d3aa46424cc7d9e1a2f212dfb0243d
-
SHA512
9bc2fd4345b8f5238f88343f86c62a98509aff1cee92f79c1880eeffc6ce97abd70480adbb692b6dbc14600daf528669c56345a0abc044ee47e1bbc10a3d2599
-
SSDEEP
196608:+xrvbUkFZ6pCPK6YYzaOFvcVLa7hwIFH4wXlD0:YpFNRLvga1w8H4wXlD0
Behavioral task
behavioral1
Sample
2025-04-04_aea50adde9a44873d825cefc60019b02_black-basta_cobalt-strike_satacom.exe
Resource
win10v2004-20250313-en
Malware Config
Extracted
hijackloader
-
directory
%APPDATA%\Protectultra_v3
-
inject_dll
%windir%\SysWOW64\input.dll
Targets
-
-
Target
2025-04-04_aea50adde9a44873d825cefc60019b02_black-basta_cobalt-strike_satacom
-
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-