General

  • Target

    2025-05-18_4a4db905f2d2789d38abafb7324e4262_black-basta_cobalt-strike_satacom

  • Size

    571KB

  • Sample

    250518-kg6beagm81

  • MD5

    4a4db905f2d2789d38abafb7324e4262

  • SHA1

    dbeadac1eaa3e121cbbdc87b979cc258b7a9a294

  • SHA256

    043d70aff4551805e0f3f2dddcf95e7b322e716b43fc93d67782904ba81abaea

  • SHA512

    360811385581d24c4d83009a6c7c82956262624e6fad792d2869c7fdf6b636c28440f0acc81d0c3fa8e58730dedd6471508b75014fd94a4e281034d9c6b839e6

  • SSDEEP

    6144:d6Ars7rGDztaY97nTPBPleJ0kDjRPveeDhXHnXgJs4HLVVDPmhVV1yGvZVVFWOD4:dOGFf7nqJ0kD9neeDxynHhmLt3

Targets

    • Modifies WinLogon for persistence

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Enumerates VirtualBox registry keys

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Looks for VMware services registry key

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16