General

  • Target

    2025-05-05_6218b39c0d6279b3c3807a372a31c98d_black-basta_cobalt-strike_coinminer_satacom_zxxz

  • Size

    46.5MB

  • Sample

    250505-qsb5lax1fz

  • MD5

    6218b39c0d6279b3c3807a372a31c98d

  • SHA1

    fe7d40d2a90c4cce84f91f8ca76ab522d5ce6c38

  • SHA256

    2618a15a906e5211803e8fa802775fa4f37c2b2d011daad3b309a3b22f353798

  • SHA512

    307284698fe8363a9751cc4a2761652e2e61a0798ff9040c0588362e25e4bf4daab2be2ef7406dd467be492619273c43dbdbbb4d9d8c11fdbb2d2dd9e65fa38d

  • SSDEEP

    393216:q76L6otUitqtH7wHtXq2pt2jbOCacCFIK0fpP9HF4VW8yfcnVQx4urYsANulL7NB:q0LoCOn+2cs4urYDNulLBiu1

Malware Config

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks