General
Target: 2025-06-04_c1cbab1d0b8e67a60befb2527f932e72_black-basta_cobalt-strike_coinminer
Size: 11.9MB
Sample: 250604-2lqvysej3s
MD5: c1cbab1d0b8e67a60befb2527f932e72
SHA1: 56a9ec88d9a76aa6e396c3a2f50fb82b58e8e80f
SHA256: 79975405c867b86ce580e501dc3392da329edd4467e3de87f3813df0594bb08f
SHA512: 4cd8e1b684e3bc52b19546834fd4822c48cc99ffb53ceda7bdc2aa965363f6d9f64beac228432fb2f13248dacff846cb3ce709c753b467316f9ddc5f85fd13ea
SSDEEP: 196608:25qvWugHA3MNko3LTQUK1ZKYCyE9Bff8jW:QqOJHA3MNkCLTQUK1ZKYCyE9BU
Behavioral task
behavioral1
Sample: 2025-06-04_c1cbab1d0b8e67a60befb2527f932e72_black-basta_cobalt-strike_coinminer.exe
Resource: win10v2004-20250502-en
Malware Config
Targets
Target: 2025-06-04_c1cbab1d0b8e67a60befb2527f932e72_black-basta_cobalt-strike_coinminer
Score: 7/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.