General
-
Target
2025-05-26_b36e558f426bb9d2e59a60ce3fb70783_black-basta_cobalt-strike_hijackloader_satacom
-
Size
740KB
-
Sample
250526-2jc63svtez
-
MD5
b36e558f426bb9d2e59a60ce3fb70783
-
SHA1
705d0381526c6fe11e8fa6970f2825cc82b2a9ff
-
SHA256
5f06d02c7fc6cba069848289424d1b675801591a4c044ec9b5edf81f687647f1
-
SHA512
9bd72701c35f69cf82228cf16d67e4539fcf41c00314a9f2b5aca02238ea577b4f1a44f271a6cb436d951ffbfb8bc96fbaca0f2a348cb4fe8b410a74a7815c49
-
SSDEEP
12288:6XVR5HL8rvl+tCOasLXeNO1g3Ro4XeaabqzZP3CCNFt6q5cpnllEyFkhk:6FR5L8rd+oLsyNO1mBXYqlAq5cplNFz
Static task
static1
Behavioral task
behavioral1
Sample
2025-05-26_b36e558f426bb9d2e59a60ce3fb70783_black-basta_cobalt-strike_hijackloader_satacom.exe
Resource
win10v2004-20250502-en
Malware Config
Extracted
phorphiex
http://185.156.72.39/
http://45.141.233.6/
TW3wpRJmZgC5WifuY468JBUCF3TEkzBT5H
qph44jx8r9k5xeq5cuf958krv3ewrnp5vc6hhdjd3r
rsXCXBf9SagxV8JfC12d8Bybk84oPdMNN9
AULzfBuUAPfCGAXoG5Vq14aP9s6fx3AH4Z
LdgchXq1sKbAaAJ1EXAPSRBzLb8jnTZstT
MF6iVGLmErYP9y4B9SwtzarDoy3ETSzYrh
4AtjkCVKbtEC3UEN77SQHuH9i1XkzNiRi5VCbA2XGsJh46nJSXfGQn4GjLuupCqmC57Lo7LvKmFUyRfhtJSvKvuw3h9ReKK
XryzFMFVpDUvU7famUGf214EXD3xNUSmQf
0x46e5cc402BC848ceC9f4d65c9B48aE7D7A24821B
15TssKwtjMtwy4vDLcLsQUZUD2B9f7eDjw85sBNVC5LRPPnC
1B8FF5WwJXNnjkVzxgPkAznVZ8uKb3Watx
ltc1qyfzdpxky7q2grz4zmqv5x0t0uwfuznl5u43c93
3PMiLynrGVZ8oEqvoqC4hXD67B1WoALR4pc
3GcQJkfHq7NWgBhhNKjz7uSfM6LzADpLvX
CSLKveRL2zqkbV2TqiFVuW6twtpqgFajoUZLAJQTTQk2
DLUzwvyxN1RrwjByUPPzVMdfxNRPGVRMMA
t1J6GCPCiHW1eRdjJgDDu6b1vSVmL5U7Twh
stars125f3mw4xd9htpsq4zj5w5ezm5gags37yxxh6mj
bnb1msyt0djx4ecspfxg5en0ye465kg3kmv9utzml2
bc1ppypcmu3684n648gyj62gjp2rw0xy7w3vwfamatlg29ajp4z52desafa0sr
bc1q9tgkga69k094n5v0pn7ewmpp2kn66sh9hu65gq
GBQJMXYXPRIWFMXIFJR35ZB7LRKMB4PHCIUAUFR3TKUL6RDBZVLZEUJ3
bitcoincash:qph44jx8r9k5xeq5cuf958krv3ewrnp5vc6hhdjd3r
-
mutex
l9n7b5f2r
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Extracted
phorphiex
http://185.156.72.39
185.156.72.39
Targets
-
-
Target
2025-05-26_b36e558f426bb9d2e59a60ce3fb70783_black-basta_cobalt-strike_hijackloader_satacom
-
Size
740KB
-
MD5
b36e558f426bb9d2e59a60ce3fb70783
-
SHA1
705d0381526c6fe11e8fa6970f2825cc82b2a9ff
-
SHA256
5f06d02c7fc6cba069848289424d1b675801591a4c044ec9b5edf81f687647f1
-
SHA512
9bd72701c35f69cf82228cf16d67e4539fcf41c00314a9f2b5aca02238ea577b4f1a44f271a6cb436d951ffbfb8bc96fbaca0f2a348cb4fe8b410a74a7815c49
-
SSDEEP
12288:6XVR5HL8rvl+tCOasLXeNO1g3Ro4XeaabqzZP3CCNFt6q5cpnllEyFkhk:6FR5L8rd+oLsyNO1mBXYqlAq5cplNFz
-
Phorphiex family
-
Phorphiex payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v16
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1