General
- Target: 2025-06-02_96eec19c7d437a694123dd5c7d755472_black-basta_cobalt-strike_elex_luca-stealer
- Size: 642KB
- Sample: 250602-qcbtwsfn3s
- MD5: 96eec19c7d437a694123dd5c7d755472
- SHA1: 6435af40666653a0179f1a2965eb30e8b244ae79
- SHA256: 18f5686739127dc83ab710e26a00f4ed848c468625933bac30cd7a3aac97a113
- SHA512: a5583413ed00d23154bb75ebea8e0d7b885ed6f3af4bb4184dd6d72e09be59144ee933589d2b30bbc7869809b1ea6c68659c82d8ecdad95d1d97a4564f3622e6
- SSDEEP: 12288:fES9N+T5xYrllrU7QY6cNZ4FP/J+CtaxnjZpAbxdxDcWcnR4bfXfwiSeiw8xHgbo:U5xolYQY6coTel3+s0DvfeUYqcZQCGm3
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 2025-06-02_96eec19c7d437a694123dd5c7d755472_black-basta_cobalt-strike_elex_luca-stealer.exe
  - Resource: win10v2004-20250502-en
Malware Config
Extracted
- Family: sality
- URLs:
  - http://89.119.67.154/testo5/
  - http://kukutrustnet777.info/home.gif
  - http://kukutrustnet888.info/home.gif
  - http://kukutrustnet987.info/home.gif
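The four URLs above are the only configuration the sandbox extracted from this sample, and they are Sality's: the black-basta, cobalt-strike, elex and luca-stealer tags appear only in the submitted filename, while the report's own family detections (listed under Targets below) are Sality and Mofksys. The script that follows is an added example, not part of the report, that turns those URLs and the file hashes into IOCs and runs them over a few constructed Squid-style proxy log lines. It matches on the exact host only (a look-alike such as notkukutrustnet777.info does not fire), tolerates case and explicit ports, and separates full-URL hits from bare-host hits so an analyst can prioritise the former.

```python
"""Added example (not from the sandbox report): match the extracted Sality URLs
and the sample's hashes against proxy log lines. The log lines are constructed;
only the URLs and hashes come from the report."""
import re
from urllib.parse import urlsplit

# URLs exactly as the sandbox extracted them.
SALITY_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# File hashes from the report, keyed by algorithm.
SAMPLE_HASHES = {
    "md5": "96eec19c7d437a694123dd5c7d755472",
    "sha1": "6435af40666653a0179f1a2965eb30e8b244ae79",
    "sha256": "18f5686739127dc83ab710e26a00f4ed848c468625933bac30cd7a3aac97a113",
}

# Constructed Squid access.log lines: timestamp elapsed client status size method url ...
SAMPLE_LOG = """\
1717300001.123    45 10.0.0.15 TCP_MISS/200 512 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1717300002.456    38 10.0.0.15 TCP_MISS/200 1460 GET http://KUKUTRUSTNET777.INFO:80/home.gif - HIER_DIRECT/0.0.0.0 image/gif
1717300003.789    12 10.0.0.22 TCP_MISS/404 330 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html
1717300004.000    10 10.0.0.22 TCP_MISS/200 200 GET http://kukutrustnet987.info/other.php - HIER_DIRECT/0.0.0.0 text/html
1717300005.000    10 10.0.0.31 TCP_MISS/200 200 GET http://notkukutrustnet777.info/home.gif - HIER_DIRECT/0.0.0.0 image/gif
"""

URL_RE = re.compile(r"\b(?:GET|POST|HEAD|CONNECT)\s+(\S+)")


def normalise(url):
    """Return (host, path) with the host lower-cased, port dropped and a
    trailing slash removed, so log and IOC spellings compare equal."""
    p = urlsplit(url)
    host = (p.hostname or "").lower()
    return host, (p.path.rstrip("/") or "/")


def build_iocs(urls):
    """Split IOC URLs into a bare-host set and a (host, path) set."""
    hosts, full = set(), set()
    for u in urls:
        host, path = normalise(u)
        hosts.add(host)
        full.add((host, path))
    return hosts, full


def scan_log(text, urls=SALITY_URLS):
    """Return (line_no, client_ip, host, path, level) for every line whose
    request host is an IOC; level is 'url' for a full match, 'host' otherwise."""
    hosts, full = build_iocs(urls)
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = URL_RE.search(line)
        if not m:
            continue
        host, path = normalise(m.group(1))
        if host not in hosts:        # exact host only, no substring matching
            continue
        client = line.split()[2]
        level = "url" if (host, path) in full else "host"
        hits.append((lineno, client, host, path, level))
    return hits


def matches_sample(digest):
    """Return the algorithm name if digest equals one of the sample's hashes."""
    d = digest.strip().lower()
    for algo, known in SAMPLE_HASHES.items():
        if d == known:
            return algo
    return None


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("line %d client %s -> %s%s [%s]" % (hit[0], hit[1], hit[2], hit[3], hit[4]))
```

Host-level hits on the kukutrustnet domains are worth keeping even without the /home.gif path, since the report lists nothing else for those hosts and any request to them from a workstation warrants a look at that client.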
Targets
- Target: 2025-06-02_96eec19c7d437a694123dd5c7d755472_black-basta_cobalt-strike_elex_luca-stealer
- Detects Mofksys worm
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies visibility of hidden/system files in Explorer
- Mofksys family
- Sality family
- UAC bypass
- Windows security bypass
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Executes dropped EXE
- Windows security modification
- Adds Run key to start application
- Checks whether UAC is enabled
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
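The Active Setup signature above says only that a key was added; what makes the technique useful to an attacker is the check Windows performs at every logon: for each component under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components, if the user's HKCU copy is missing or carries an older Version, the StubPath command runs in that user's context. The script below is an added example, not part of the report or the sandbox, that models that check and flags stubs which would run at the next logon and point outside SystemRoot or Program Files. The registry entries in it are constructed for the example; the GUIDs, paths and the env defaults are illustrative, and the optional winreg reader is an assumption about how one would run it on a live Windows host.

```python
"""Added example (not from the sandbox report): model the Active Setup logon
check and flag stub commands that would execute for the next user to log on.
All registry data below is constructed for the example."""
import os
import sys

# Environment used to expand %Var% tokens in StubPath; defaults model a stock install.
DEFAULT_ENV = {
    "SystemRoot": r"C:\Windows",
    "ProgramFiles": r"C:\Program Files",
    "ProgramFiles(x86)": r"C:\Program Files (x86)",
}
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


def expand(s, env):
    """Expand %NAME% tokens from env (case-insensitive); unknown tokens stay as-is."""
    lower = {k.lower(): v for k, v in env.items()}
    out, i = [], 0
    while i < len(s):
        j = s.find("%", i + 1) if s[i] == "%" else -1
        if j > i:
            out.append(lower.get(s[i + 1:j].lower(), s[i:j + 1]))
            i = j + 1
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def parse_version(v):
    """Active Setup versions look like '1,0,0,0'; missing or malformed -> None."""
    if not v:
        return None
    try:
        return tuple(int(x) for x in str(v).replace(".", ",").split(","))
    except ValueError:
        return None


def split_command(cmd):
    """Return (executable, arguments) for a Windows command line, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def will_run(hklm_entry, hkcu_entry):
    """Mirror the logon check: IsInstalled non-zero and a StubPath present; the stub
    runs when HKCU has no record of the GUID, or HKLM's Version is newer."""
    if hklm_entry.get("IsInstalled", 1) == 0 or not hklm_entry.get("StubPath"):
        return False
    if hkcu_entry is None:
        return True
    lm, cu = parse_version(hklm_entry.get("Version")), parse_version(hkcu_entry.get("Version"))
    return lm is not None and (cu is None or lm > cu)


def assess(stub, env=DEFAULT_ENV):
    """Heuristics on the expanded command: executable outside the system/program
    roots, or any argument that points at a user-writable location."""
    exe, args = split_command(expand(stub, env))
    roots = [expand("%SystemRoot%", env), expand("%ProgramFiles%", env), expand("%ProgramFiles(x86)%", env)]
    reasons = []
    if not any(exe.lower().startswith(r.lower() + "\\") for r in roots):
        reasons.append("executable outside SystemRoot/Program Files")
    if any(m in args.lower() for m in USER_WRITABLE):
        reasons.append("argument references a user-writable path")
    return reasons


def triage(hklm, hkcu, env=DEFAULT_ENV):
    """List every stub that would run at next logon, with suspicion reasons."""
    findings = []
    for guid, entry in hklm.items():
        if will_run(entry, hkcu.get(guid)):
            reasons = assess(entry["StubPath"], env)
            findings.append({"guid": guid, "stub": entry["StubPath"], "suspicious": bool(reasons), "reasons": reasons})
    return findings


# Constructed data shaped like real entries: two benign-looking stubs, one planted
# in a user-writable directory with a bumped Version so it re-runs, one disabled.
HKLM_COMPONENTS = {
    "{2C7339CF-2B09-4501-B3F3-F3508C9228ED}": {"StubPath": r"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll", "Version": "1,0,0,0", "IsInstalled": 1},
    "{89B4C1CD-B018-4511-B0A1-5476DBF70820}": {"StubPath": r"C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install", "Version": "1,0,0,0", "IsInstalled": 1},
    "{A1B2C3D4-0000-4000-8000-000000000001}": {"StubPath": r"C:\Users\Public\Libraries\svchost.exe -s", "Version": "2,0,0,0", "IsInstalled": 1},
    "{A1B2C3D4-0000-4000-8000-000000000002}": {"StubPath": r"C:\Users\Public\x.exe", "Version": "1,0,0,0", "IsInstalled": 0},
}
HKCU_COMPONENTS = {
    "{2C7339CF-2B09-4501-B3F3-F3508C9228ED}": {"Version": "1,0,0,0"},   # already applied
    "{A1B2C3D4-0000-4000-8000-000000000001}": {"Version": "1,0,0,0"},   # older than HKLM: re-runs
}


def read_live():
    """Windows only (assumed usage): read both registry views via winreg."""
    import winreg
    path = r"SOFTWARE\Microsoft\Active Setup\Installed Components"

    def dump(root, view):
        out = {}
        with winreg.OpenKey(root, path, 0, winreg.KEY_READ | view) as k:
            for i in range(winreg.QueryInfoKey(k)[0]):
                name = winreg.EnumKey(k, i)
                with winreg.OpenKey(k, name) as sk:
                    entry = {}
                    for val in ("StubPath", "Version", "IsInstalled"):
                        try:
                            entry[val] = winreg.QueryValueEx(sk, val)[0]
                        except FileNotFoundError:
                            pass
                    out[name] = entry
        return out

    hklm, hkcu = {}, {}
    for view in (winreg.KEY_WOW64_64KEY, winreg.KEY_WOW64_32KEY):  # later view wins on GUID clash
        hklm.update(dump(winreg.HKEY_LOCAL_MACHINE, view))
        hkcu.update(dump(winreg.HKEY_CURRENT_USER, view))
    return hklm, hkcu


if __name__ == "__main__":
    live = sys.platform == "win32"
    hklm, hkcu = read_live() if live else (HKLM_COMPONENTS, HKCU_COMPONENTS)
    env = {**DEFAULT_ENV, **{k: v for k, v in os.environ.items() if k in DEFAULT_ENV}} if live else DEFAULT_ENV
    for f in triage(hklm, hkcu, env):
        print("SUSPICIOUS" if f["suspicious"] else "ok        ", f["guid"], f["stub"], "; ".join(f["reasons"]))
```

The Version comparison is the part worth remembering during incident response: deleting the HKCU copy of a GUID, or raising the HKLM Version, is enough to make a stub run again for every user, so a stub that looks idle today can still fire at the next logon.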
MITRE ATT&CK Enterprise v16 (hit counts in parentheses)
Persistence
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (9)