General

  • Target

    2025-06-02_dc613510f3e0f1055adcaeb2f5350869_black-basta_cobalt-strike_elex_luca-stealer

  • Size

    864KB

  • Sample

    250602-nvmyrszms5

  • MD5

    dc613510f3e0f1055adcaeb2f5350869

  • SHA1

    855429bdad9881b6b6c6a808d734abf71230cd33

  • SHA256

    7612c60e441aa7be42b09c16f0ec15d78abc806691ad9101e70a1ffb21a528f5

  • SHA512

    4e469e00d0e6bf472c939b9e88ab4d4e5f4c011ce69c3d796b80604bb3820a11a60dc83b2fc2b317cc33550b59bbd67bc1678bc4ab98e921e0f62fc813e9ee6b

  • SSDEEP

    12288:rE/N+T5xYrllrU7QY6saAr4CTl8afBILlnj4YnVWqqPIBONhxsUe3X:T5xolYQY6saRCTl8pCj/xsUe3X

Malware Config

Extracted

  • Family

    sality

  • C2

    http://89.119.67.154/testo5/

    http://kukutrustnet777.info/home.gif

    http://kukutrustnet888.info/home.gif

    http://kukutrustnet987.info/home.gif

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v16

Tasks