General
-
Target
2025-05-18_4a4db905f2d2789d38abafb7324e4262_black-basta_cobalt-strike_satacom
-
Size
571KB
-
Sample
250518-kg6beagm81
-
MD5
4a4db905f2d2789d38abafb7324e4262
-
SHA1
dbeadac1eaa3e121cbbdc87b979cc258b7a9a294
-
SHA256
043d70aff4551805e0f3f2dddcf95e7b322e716b43fc93d67782904ba81abaea
-
SHA512
360811385581d24c4d83009a6c7c82956262624e6fad792d2869c7fdf6b636c28440f0acc81d0c3fa8e58730dedd6471508b75014fd94a4e281034d9c6b839e6
-
SSDEEP
6144:d6Ars7rGDztaY97nTPBPleJ0kDjRPveeDhXHnXgJs4HLVVDPmhVV1yGvZVVFWOD4:dOGFf7nqJ0kD9neeDxynHhmLt3
Static task
static1
Behavioral task
behavioral1
Sample
2025-05-18_4a4db905f2d2789d38abafb7324e4262_black-basta_cobalt-strike_satacom.exe
Resource
win10v2004-20250502-en
Malware Config
Targets
-
-
Target
2025-05-18_4a4db905f2d2789d38abafb7324e4262_black-basta_cobalt-strike_satacom
-
Size
571KB
-
MD5
4a4db905f2d2789d38abafb7324e4262
-
SHA1
dbeadac1eaa3e121cbbdc87b979cc258b7a9a294
-
SHA256
043d70aff4551805e0f3f2dddcf95e7b322e716b43fc93d67782904ba81abaea
-
SHA512
360811385581d24c4d83009a6c7c82956262624e6fad792d2869c7fdf6b636c28440f0acc81d0c3fa8e58730dedd6471508b75014fd94a4e281034d9c6b839e6
-
SSDEEP
6144:d6Ars7rGDztaY97nTPBPleJ0kDjRPveeDhXHnXgJs4HLVVDPmhVV1yGvZVVFWOD4:dOGFf7nqJ0kD9neeDxynHhmLt3
-
Modifies WinLogon for persistence
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Enumerates VirtualBox registry keys
-
Modifies boot configuration data using bcdedit
-
Looks for VMWare services registry key.
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Power Settings
1Defense Evasion
Direct Volume Access
1Indicator Removal
3File Deletion
3Modify Registry
1Virtualization/Sandbox Evasion
2