General

  • Target

    2025-04-05_77c10ac8ce25a08875c6a069944b0483_black-basta_cobalt-strike_satacom

  • Size

    6.3MB

  • Sample

    250405-kn7stawny8

  • MD5

    77c10ac8ce25a08875c6a069944b0483

  • SHA1

    21bc4ff47ca83f2ee2c98cf2f132150eb45fb44b

  • SHA256

    ed92c57a7b7988318fce44db80c515e19f434b3b3a039c184e25d95ba450565b

  • SHA512

    d9b01d4a3c692359356249a92d92bac4db4e94223a98f194b1b2442a2c8aa534df8a5b425d119ea0ff76f82259be75518a26684229d44432826389079d76bb20

  • SSDEEP

    196608:+x+f6jEnoDPvbUpFZ6pCPK6YYzaOFvcVLa7hwIFA:xf6EoDPgFNRLvga1w8A

Score
10/10

Malware Config

Extracted

Family

hijackloader

Attributes
  • directory

    %APPDATA%\fkd_Control_test

  • inject_dll

    %windir%\SysWOW64\input.dll

xor.hex

Targets

    • Target

      2025-04-05_77c10ac8ce25a08875c6a069944b0483_black-basta_cobalt-strike_satacom

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
