General
-
Target
2025-04-14_517102b3f8b2cf77599d4867221d303e_black-basta_cobalt-strike_satacom
-
Size
29.8MB
-
Sample
250414-je38lattey
-
MD5
517102b3f8b2cf77599d4867221d303e
-
SHA1
06917c70b2914a783df1bc84422fb775b863de6b
-
SHA256
0cbf1db148f4cbcb41d46385ab7b5e9ac784f94f6de5601adf3a18d4d35a7479
-
SHA512
6f683658a1c8af3fc373e4d5d28bf7dc507559358f00d8cff72c41e4f05345c4df66296e78b0ee0b3cf2d708b1e8aa7fd4d00105f425f9a465159749b8b965af
-
SSDEEP
786432:1tIuqEuqpZUl3UW8KuhfX6Onl8dPXsIKppDgMyX9CXFrS74:1tIupuCWl3UWihP6MlmPZKppDgMytChS
Behavioral task
behavioral1
Sample
2025-04-14_517102b3f8b2cf77599d4867221d303e_black-basta_cobalt-strike_satacom.exe
Resource
win10v2004-20250410-en
Malware Config
Targets
-
-
Target
2025-04-14_517102b3f8b2cf77599d4867221d303e_black-basta_cobalt-strike_satacom
-
Score
9/10
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-