General

  • Target

    2025-06-02_96eec19c7d437a694123dd5c7d755472_black-basta_cobalt-strike_elex_luca-stealer

  • Size

    642KB

  • Sample

    250602-qcbtwsfn3s

  • MD5

    96eec19c7d437a694123dd5c7d755472

  • SHA1

    6435af40666653a0179f1a2965eb30e8b244ae79

  • SHA256

    18f5686739127dc83ab710e26a00f4ed848c468625933bac30cd7a3aac97a113

  • SHA512

    a5583413ed00d23154bb75ebea8e0d7b885ed6f3af4bb4184dd6d72e09be59144ee933589d2b30bbc7869809b1ea6c68659c82d8ecdad95d1d97a4564f3622e6

  • SSDEEP

    12288:fES9N+T5xYrllrU7QY6cNZ4FP/J+CtaxnjZpAbxdxDcWcnR4bfXfwiSeiw8xHgbo:U5xolYQY6coTel3+s0DvfeUYqcZQCGm3

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v16

Tasks