General

  • Target

    2025-04-13_36d84ce13dea34450616cedd25bc125e_black-basta_cobalt-strike_satacom

  • Size

    7.9MB

  • Sample

    250413-t4vymazyas

  • MD5

    36d84ce13dea34450616cedd25bc125e

  • SHA1

    107ae3b9c9c2a20b6463090da6cf196783411803

  • SHA256

    c47728e637b01964912acba065ce0c7da8a29a97cac34f9a1e2584e1d5371019

  • SHA512

    f0703a425059bd5443331c6664a5fb0c1d6021c7979cf7770847361833ec3b76457a7bfd34c6fd1e7de624dc864d6b1e9bde1c8187458fd14c8c4cd05b039e65

  • SSDEEP

    196608:eW4IdNTwhLOCoFeNlpYfMQc2s2k0ax8Ehn6ksqdhb:NKL1CMQb5axbhZdhb

Malware Config

Targets

    • Target

      2025-04-13_36d84ce13dea34450616cedd25bc125e_black-basta_cobalt-strike_satacom

    • Size

      7.9MB

    • MD5

      36d84ce13dea34450616cedd25bc125e

    • SHA1

      107ae3b9c9c2a20b6463090da6cf196783411803

    • SHA256

      c47728e637b01964912acba065ce0c7da8a29a97cac34f9a1e2584e1d5371019

    • SHA512

      f0703a425059bd5443331c6664a5fb0c1d6021c7979cf7770847361833ec3b76457a7bfd34c6fd1e7de624dc864d6b1e9bde1c8187458fd14c8c4cd05b039e65

    • SSDEEP

      196608:eW4IdNTwhLOCoFeNlpYfMQc2s2k0ax8Ehn6ksqdhb:NKL1CMQb5axbhZdhb

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v16

Tasks