General

  • Target

    2025-04-05_969282287e5be1610de933ef5d80732e_black-basta_cobalt-strike_satacom

  • Size

    6.3MB

  • Sample

    250405-dprdwsyvcw

  • MD5

    969282287e5be1610de933ef5d80732e

  • SHA1

    a84c4c819b8f8498d4df9be3532b52ba0c60dfd0

  • SHA256

    4ed28eb33e0c95837d8d8ede7bd4935c2aa26c6e035188224c1d6b058ff8c874

  • SHA512

    543235a717135235cfcfa9e6be37e8a0a1813dd4a424f19e6aa2f5fdd088e3d2967bf2f2a73f9cbfcf0252e7c046821aa1fa2210d4f0c473b659f33958ae5d5b

  • SSDEEP

    196608:+xCvbUpFZ6pCPK6YYzaOFvcVLa7hwIFQf6jEnoDj:lgFNRLvga1w8Qf6EoDj

Score
10/10

Malware Config

Extracted

Family

hijackloader

Attributes
  • directory

    %APPDATA%\fkd_Control_test

  • inject_dll

    %windir%\SysWOW64\input.dll

xor.hex

Targets

    • Target

      2025-04-05_969282287e5be1610de933ef5d80732e_black-basta_cobalt-strike_satacom

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
