General

  • Target

    2025-05-16_328f54a8874ae5d9377f1d38c1a8a362_black-basta_cobalt-strike_satacom

  • Size

    14.6MB

  • Sample

    250516-a5m5mavkw7

  • MD5

    328f54a8874ae5d9377f1d38c1a8a362

  • SHA1

    b641df0d6629e1c32a6626bb9c3a509bc7432767

  • SHA256

    0d4827f7feb6a342c60392aac34ea39682e2018710e2fa2cd6f590e8fc1aaab9

  • SHA512

    27617b842f86adb2aa2e6c3658369dcc45d498f91e76f190a4ddd45c07417cfec773d13f1a6d853c4cbd042b370bfc08a090897044c686a630ee52ea9c5e27b9

  • SSDEEP

    196608:HPqWQ3YAduglI0W8UA54uwurHmoFP/XRLF/uAqMVVbEP5sVHBR2wTC/jPGxXrfJu:W3YAduyW8ZWuCAXbWAq4tEPaBmw7fbg

Malware Config

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v16

Tasks