General
-
Target
2025-04-12_e82746085ec13065e544a7df54a153bf_black-basta_cobalt-strike_satacom
-
Size
30.9MB
-
Sample
250412-cqr65svqv7
-
MD5
e82746085ec13065e544a7df54a153bf
-
SHA1
8e80cf7be1b9af9b4c0576d8eb3567143c6df7e9
-
SHA256
607f7702eedd524682be19d4aaf1995c08e2acd3733f88dd01bcef0d4c962a47
-
SHA512
c9d232c882151ad8bf2007658ffff42d025983aaa6cbaa1c00092db8c7d9a4e4341392a3581c535e22b2207920cb2245c066de16acf72d6f2c82b177a46656c4
-
SSDEEP
786432:OtIuqEuqQ6VdhW8jA7ZofXdzcY876iBBRXWS8vWpJkL4e/xpK:OtIupuqV7W0A7ZoP5E7NBBRt7ULHx
Behavioral task
behavioral1
Sample
2025-04-12_e82746085ec13065e544a7df54a153bf_black-basta_cobalt-strike_satacom.exe
Resource
win10v2004-20250410-en
Malware Config
Targets
Score 9/10
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-