General
Target: 2025-04-05_77c10ac8ce25a08875c6a069944b0483_black-basta_cobalt-strike_satacom
Size: 6.3MB
Sample: 250405-kn7stawny8
MD5: 77c10ac8ce25a08875c6a069944b0483
SHA1: 21bc4ff47ca83f2ee2c98cf2f132150eb45fb44b
SHA256: ed92c57a7b7988318fce44db80c515e19f434b3b3a039c184e25d95ba450565b
SHA512: d9b01d4a3c692359356249a92d92bac4db4e94223a98f194b1b2442a2c8aa534df8a5b425d119ea0ff76f82259be75518a26684229d44432826389079d76bb20
SSDEEP: 196608:+x+f6jEnoDPvbUpFZ6pCPK6YYzaOFvcVLa7hwIFA:xf6EoDPgFNRLvga1w8A
Behavioral task
behavioral1
Sample: 2025-04-05_77c10ac8ce25a08875c6a069944b0483_black-basta_cobalt-strike_satacom.exe
Resource: win10v2004-20250314-en
Malware Config
Extracted
hijackloader
directory: %APPDATA%\fkd_Control_test
inject_dll: %windir%\SysWOW64\input.dll
Targets
Target: 2025-04-05_77c10ac8ce25a08875c6a069944b0483_black-basta_cobalt-strike_satacom
Score: 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL