General
-
Target
2025-04-23_f0410358a0d9dbd0dff3113d9c744ca7_bitrat_black-basta_cobalt-strike_elex_luca-stealer
-
Size
418KB
-
Sample
250423-r8mfyaz1g1
-
MD5
f0410358a0d9dbd0dff3113d9c744ca7
-
SHA1
0b812c1b1ae8299fcaf9ac192587eeed76f5abe4
-
SHA256
80e3a04fa68be799b3c91737e1918f8394b250603a231a251524244e4d7f77d9
-
SHA512
4c59fd2e895342535114dd07c6b53236d47593804a8e64a9ec5ec519314906137d569b92cd7d80fef07134f0deec4dd1c7325f564a5789328bf2b30d6edff437
-
SSDEEP
12288:FnvxplpMAX99S4B009MqyQMKNT7ydfAD8xE:FvxplpMAtU4Bl9MdQFT7ydIoS
Static task
static1
Behavioral task
behavioral1
Sample
2025-04-23_f0410358a0d9dbd0dff3113d9c744ca7_bitrat_black-basta_cobalt-strike_elex_luca-stealer.exe
Resource
win10v2004-20250410-en
Behavioral task
behavioral2
Sample
2025-04-23_f0410358a0d9dbd0dff3113d9c744ca7_bitrat_black-basta_cobalt-strike_elex_luca-stealer.exe
Resource
win11-20250410-en
Malware Config
Extracted
C:\Program Files\readme.txt
dragonforce
http://3pktcrcbmssvrnwe5skburdwe2h3v6ibdnn5kbjqihsg6eu6s6b7ryqd.onion
http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion
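As an added example (not part of the sandbox report), the Python below pulls Tor v3 onion hosts out of ransom-note text, decodes each one to confirm the trailing version byte, recomputes the two-byte onion checksum, and flags matches against the two hosts and the note path extracted above. The note text is constructed for the demonstration and is not the sample's real note; the only data taken from the report are the path and the two hosts.

```python
import base64
import hashlib
import re

# Indicators copied from the extracted config above (the only data taken from the report).
REPORTED_NOTE_PATH = r"C:\Program Files\readme.txt"
REPORTED_ONIONS = {
    "3pktcrcbmssvrnwe5skburdwe2h3v6ibdnn5kbjqihsg6eu6s6b7ryqd",
    "z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid",
}

# A Tor v3 onion host is exactly 56 base32 characters (RFC 4648 alphabet, lowercase).
ONION_V3_RE = re.compile(r"\b([a-z2-7]{56})\.onion\b", re.IGNORECASE)

# Constructed ransom-note text for the demo; it is NOT the sample's real note.
# It carries both reported hosts plus a short v2-style host that must be ignored.
SAMPLE_NOTE = """Your network has been encrypted.
Contact us through Tor:
http://3pktcrcbmssvrnwe5skburdwe2h3v6ibdnn5kbjqihsg6eu6s6b7ryqd.onion
http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion
(old mirror: http://abcdefghijklmnop.onion)
"""


def decode_onion_v3(host: str):
    """Split a 56-char v3 host into (pubkey, checksum, version).

    Per the Tor rendezvous spec the 35 decoded bytes are:
    32-byte ed25519 public key || 2-byte checksum || 1-byte version (0x03).
    """
    raw = base64.b32decode(host.upper())   # 56 chars -> 35 bytes, no padding needed
    return raw[:32], raw[32:34], raw[34]


def onion_v3_checksum(pubkey: bytes, version: int) -> bytes:
    """Expected checksum: SHA3-256(".onion checksum" || pubkey || version)[:2]."""
    return hashlib.sha3_256(b".onion checksum" + pubkey + bytes([version])).digest()[:2]


def extract_onions(text: str) -> list:
    """Return every structurally valid v3 onion host in text, in order of appearance."""
    found = []
    for host in ONION_V3_RE.findall(text):
        host = host.lower()
        pubkey, checksum, version = decode_onion_v3(host)
        found.append({
            "host": host,
            "version": version,                        # 3 for a genuine v3 address
            "checksum_ok": checksum == onion_v3_checksum(pubkey, version),
            "known_ioc": host in REPORTED_ONIONS,      # matches this report's config
        })
    return found


def triage_note(path: str, text: str) -> dict:
    """Combine the drop-path check and the onion match into one verdict for a note."""
    onions = extract_onions(text)
    known = [o["host"] for o in onions if o["known_ioc"]]
    return {
        "path_matches_report": path.lower() == REPORTED_NOTE_PATH.lower(),
        "onions_found": len(onions),
        "known_onions": known,
        "verdict": "dragonforce-ioc-match" if known else "no-known-ioc",
    }


if __name__ == "__main__":
    for entry in extract_onions(SAMPLE_NOTE):
        print(entry)
    print(triage_note(REPORTED_NOTE_PATH, SAMPLE_NOTE))
```

The checksum recomputation is what separates a real onion address from a random 56-character string dropped in to evade exact-match IOC lists; `known_ioc` is the exact match against this report, `checksum_ok` tells you whether an unknown host is at least a well-formed address worth adding to the watch list.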
Targets
-
Target
2025-04-23_f0410358a0d9dbd0dff3113d9c744ca7_bitrat_black-basta_cobalt-strike_elex_luca-stealer
-
Size
418KB
-
MD5
f0410358a0d9dbd0dff3113d9c744ca7
-
SHA1
0b812c1b1ae8299fcaf9ac192587eeed76f5abe4
-
SHA256
80e3a04fa68be799b3c91737e1918f8394b250603a231a251524244e4d7f77d9
-
SHA512
4c59fd2e895342535114dd07c6b53236d47593804a8e64a9ec5ec519314906137d569b92cd7d80fef07134f0deec4dd1c7325f564a5789328bf2b30d6edff437
-
SSDEEP
12288:FnvxplpMAX99S4B009MqyQMKNT7ydfAD8xE:FvxplpMAtU4Bl9MdQFT7ydIoS
-
DragonForce
Ransomware family built on the leaked LockBit 3.0 builder, first observed in November 2023.
-
Dragonforce family
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
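As an added example (not from the sandbox report), Python detection logic that maps three of the behaviours listed above onto Sysmon FileCreate (event ID 11) and RegistryEvent value-set (event ID 13) records and alerts only when a single process shows two or more of them. The events are constructed for the demonstration and are not the sandbox's actual log; the image name borrows the report's MD5 with `.exe` appended, and the startup file name and wallpaper path are placeholders.

```python
import re
from typing import Optional

# Sysmon event IDs used below (documented Sysmon semantics, not taken from the report):
EID_FILE_CREATE = 11      # FileCreate
EID_REG_VALUE_SET = 13    # RegistryEvent (value set)

# Anything created directly inside the per-user Startup folder runs at next logon.
STARTUP_RE = re.compile(
    r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\[^\\]+$", re.IGNORECASE)
# HKCU\Control Panel\Desktop\Wallpaper; Sysmon renders HKCU as HKU\<SID>.
WALLPAPER_RE = re.compile(r"\\Control Panel\\Desktop\\Wallpaper$", re.IGNORECASE)

# Constructed Sysmon-style events for the demo (not the sandbox's actual log).
# A benign explorer.exe desktop.ini write is included to show that a lone
# desktop.ini creation does not alert on its own.
SAMPLE_IMAGE = r"C:\Users\user\Desktop\f0410358a0d9dbd0dff3113d9c744ca7.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SAMPLE_IMAGE, "ProcessId": 4120},
    {"EventID": 11, "Image": SAMPLE_IMAGE, "ProcessId": 4120,
     "TargetFilename": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\note.lnk"},
    {"EventID": 11, "Image": SAMPLE_IMAGE, "ProcessId": 4120,
     "TargetFilename": r"C:\Users\user\Documents\desktop.ini"},
    {"EventID": 11, "Image": SAMPLE_IMAGE, "ProcessId": 4120,
     "TargetFilename": r"C:\Users\user\Pictures\desktop.ini"},
    {"EventID": 13, "Image": SAMPLE_IMAGE, "ProcessId": 4120,
     "TargetObject": r"HKU\S-1-5-21-1000\Control Panel\Desktop\Wallpaper",
     "Details": r"C:\Users\user\AppData\Local\Temp\wall.bmp"},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe", "ProcessId": 1234,
     "TargetFilename": r"C:\Users\user\Downloads\desktop.ini"},
]


def classify_event(ev: dict) -> Optional[str]:
    """Map one event to a behaviour tag from the report, or None if it is not of interest."""
    eid = ev.get("EventID")
    if eid == EID_FILE_CREATE:
        target = ev.get("TargetFilename", "")
        if STARTUP_RE.search(target):
            return "drops_startup_file"
        if target.lower().endswith("\\desktop.ini"):
            return "drops_desktop_ini"
    elif eid == EID_REG_VALUE_SET and WALLPAPER_RE.search(ev.get("TargetObject", "")):
        return "sets_wallpaper_via_registry"
    return None


def score_processes(events, min_indicators: int = 2) -> list:
    """Count behaviour hits per (Image, ProcessId) and flag a process only when it
    shows at least min_indicators distinct behaviours, so noisy singletons such as
    explorer.exe writing desktop.ini do not raise an alert by themselves."""
    per_proc = {}
    for ev in events:
        tag = classify_event(ev)
        if tag is None:
            continue
        counts = per_proc.setdefault((ev.get("Image"), ev.get("ProcessId")), {})
        counts[tag] = counts.get(tag, 0) + 1
    return [
        {"image": image, "pid": pid, "indicators": counts,
         "suspicious": len(counts) >= min_indicators}
        for (image, pid), counts in per_proc.items()
    ]


if __name__ == "__main__":
    for verdict in score_processes(SAMPLE_EVENTS):
        print(verdict)
```

The Credential Manager access reported above is deliberately not covered here: Sysmon's file events record creations, not reads, so spotting a process opening `%APPDATA%\Microsoft\Credentials\` needs object-access auditing or an EDR sensor that logs file reads.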
-
MITRE ATT&CK Enterprise v16
Credential Access
Credentials from Password Stores, T1555 (2 matching signatures)
Credentials from Web Browsers, T1555.003 (1)
Windows Credential Manager, T1555.004 (1)
Unsecured Credentials, T1552 (1)
Credentials In Files, T1552.001 (1)