General
-
Target
2025-05-16_328f54a8874ae5d9377f1d38c1a8a362_black-basta_cobalt-strike_satacom
-
Size
14.6MB
-
Sample
250516-a5m5mavkw7
-
MD5
328f54a8874ae5d9377f1d38c1a8a362
-
SHA1
b641df0d6629e1c32a6626bb9c3a509bc7432767
-
SHA256
0d4827f7feb6a342c60392aac34ea39682e2018710e2fa2cd6f590e8fc1aaab9
-
SHA512
27617b842f86adb2aa2e6c3658369dcc45d498f91e76f190a4ddd45c07417cfec773d13f1a6d853c4cbd042b370bfc08a090897044c686a630ee52ea9c5e27b9
-
SSDEEP
196608:HPqWQ3YAduglI0W8UA54uwurHmoFP/XRLF/uAqMVVbEP5sVHBR2wTC/jPGxXrfJu:W3YAduyW8ZWuCAXbWAq4tEPaBmw7fbg
Behavioral task
behavioral1
Sample
2025-05-16_328f54a8874ae5d9377f1d38c1a8a362_black-basta_cobalt-strike_satacom.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
2025-05-16_328f54a8874ae5d9377f1d38c1a8a362_black-basta_cobalt-strike_satacom.exe
Resource
win11-20250502-en
Malware Config
Targets
-
-
Target
2025-05-16_328f54a8874ae5d9377f1d38c1a8a362_black-basta_cobalt-strike_satacom
-
Size
14.6MB
-
MD5
328f54a8874ae5d9377f1d38c1a8a362
-
SHA1
b641df0d6629e1c32a6626bb9c3a509bc7432767
-
SHA256
0d4827f7feb6a342c60392aac34ea39682e2018710e2fa2cd6f590e8fc1aaab9
-
SHA512
27617b842f86adb2aa2e6c3658369dcc45d498f91e76f190a4ddd45c07417cfec773d13f1a6d853c4cbd042b370bfc08a090897044c686a630ee52ea9c5e27b9
-
SSDEEP
196608:HPqWQ3YAduglI0W8UA54uwurHmoFP/XRLF/uAqMVVbEP5sVHBR2wTC/jPGxXrfJu:W3YAduyW8ZWuCAXbWAq4tEPaBmw7fbg
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-