General

  • Target

    2025-04-21_5055cbcaf088ef5912dae52353331153_black-basta_cobalt-strike_satacom

  • Size

    11.7MB

  • Sample

    250421-lry6hssls7

  • MD5

    5055cbcaf088ef5912dae52353331153

  • SHA1

    f060bdab6e0d109ffe3d7ddd24e5c538a3423a40

  • SHA256

    9999ded513a4f6b2065330b35d0d884804f40ac927c94c16f1130ab2090b5b64

  • SHA512

    4f1ca48ea5428b2fb049673f73f6fddbb12e5aaf86d554be613a865af64b5b093a1c05bfe09b5239e8b6993339164062c1f3c27c2a252a5dc3beb0016432f389

  • SSDEEP

    196608:N0WE0W8/LaOMyUA1HeT39IigwTauDXURuA3dSYEQVdnSEXu4wBu:jjW8HMyt1+TtIiF2uARuA3dS9QV88u4f

Malware Config

Targets

    • Target

      2025-04-21_5055cbcaf088ef5912dae52353331153_black-basta_cobalt-strike_satacom

    • MilleniumRat

      MilleniumRat is a remote access trojan written in C#.

    • Milleniumrat family

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar tools.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks