General

  • Target

    2025-05-01_b7e852afa8ed17eca699053d8073ced1_black-basta_cobalt-strike_ryuk_satacom

  • Size

    950KB

  • Sample

    250501-edr2qayycx

  • MD5

    b7e852afa8ed17eca699053d8073ced1

  • SHA1

    e1c33d994f55f96698ce3a1647a676ef3320c42a

  • SHA256

    e165d517ea8a6355e302619365d77884dac88c9c31a99905dca8a3af17c851e1

  • SHA512

    1ed88f4a59852a2818a66c238183790dea739fca3bb714ec4da9de2ffc57bb7ed266d5856e6d311a06424f3623d53b899a7153b33203ce50912bbc31d705b2e4

  • SSDEEP

    24576:tyM2e6Bvc6mnZo7hi8EzsjOc6mnZo7hi8Ezsj:WhCLZRijLZRi

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Suspicious use of SetThreadContext
