General
Target: 2025-05-18_741e798671e3b351730e5c31970a2cfb_black-basta_cobalt-strike_satacom
Size: 527KB
Sample: 250518-lxfalaam41
MD5: 741e798671e3b351730e5c31970a2cfb
SHA1: 26c909c17979cd8b282d4184386af17da327ccec
SHA256: 6151a3a1650500712dec094b331a025e157c0c24ebcde7c048290c79a23c13cd
SHA512: 585f4656578a345306894988a5d4b804c86c45ba71e677118c7cda15f2abd81e9c049355451a44962c487bde278d8c40a68bd9386c3c04ef39f9f056e9651696
SSDEEP: 6144:O7rGDztaY97nTPBPleJ0kDjRPveeDhXHnXgJs4HLVVDPmhVV1yGvZVVFWODhxR2:0GFf7nqJ0kD9neeDxynHhmLt3
Static task: static1
Behavioral task: behavioral1
Sample: 2025-05-18_741e798671e3b351730e5c31970a2cfb_black-basta_cobalt-strike_satacom.exe
Resource: win10v2004-20250502-en
Malware Config
Extracted from: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\RecoverYourFiles.txt
https://getsession.org/
Targets
Score: 10/10
Modifies WinLogon for persistence
Renames multiple (937) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Drops desktop.ini file(s)
Modifies boot configuration data using bcdedit
Sets desktop wallpaper using registry