General

  • Target

    2025-04-04_aea50adde9a44873d825cefc60019b02_black-basta_cobalt-strike_satacom

  • Size

    6.3MB

  • Sample

    250404-sdenaayzbw

  • MD5

    aea50adde9a44873d825cefc60019b02

  • SHA1

    c11b0f5c6e42f2ed0ba0e121412b9a181e43b5cc

  • SHA256

    cfbf45007cd93be79ffa7d0f13899ef571d3aa46424cc7d9e1a2f212dfb0243d

  • SHA512

    9bc2fd4345b8f5238f88343f86c62a98509aff1cee92f79c1880eeffc6ce97abd70480adbb692b6dbc14600daf528669c56345a0abc044ee47e1bbc10a3d2599

  • SSDEEP

    196608:+xrvbUkFZ6pCPK6YYzaOFvcVLa7hwIFH4wXlD0:YpFNRLvga1w8H4wXlD0

Score
10/10

Malware Config

Extracted

Family

hijackloader

Attributes

  • directory

    %APPDATA%\Protectultra_v3

  • inject_dll

    %windir%\SysWOW64\input.dll

xor.hex

Targets

    • Target

      2025-04-04_aea50adde9a44873d825cefc60019b02_black-basta_cobalt-strike_satacom

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks