General

  • Target

    2025-06-04_78c33b7f409b21b9701aab017a803af5_black-basta_cobalt-strike_luca-stealer_satacom

  • Size

    621KB

  • Sample

    250604-l3r7cafn9s

  • MD5

    78c33b7f409b21b9701aab017a803af5

  • SHA1

    2241d6177990508110739685bc6889be2b92ac4a

  • SHA256

    bb27172485b153390821c12cdb1e55d479e447bc8ea515d0ae66e2c939a06225

  • SHA512

    5e74967fdd1c3bf165e6632b20a4d4251276e0a7e634a0b03bfc0cf7d88d3d6e3aee568f9f2c6fabf37b49038ce174bd6871615e9e5af68434c215de4712692c

  • SSDEEP

    12288:Qm85aUvzytxNnCVHBLihSelIE6ZQ43+NWMlG5uYMBTsMjOo+:hUvzANnkhLVelIxZL30lyMBTdOx

Malware Config

Extracted

Family

xenorat

C2

192.168.18.101

Mutex

Ali

Attributes

  • delay

    5000

  • install_path

    nothingset

  • port

    4444

  • startup_name

    Windows Active Lissence

Targets

    • Target

      2025-06-04_78c33b7f409b21b9701aab017a803af5_black-basta_cobalt-strike_luca-stealer_satacom

    • Size

      621KB

    • MD5

      78c33b7f409b21b9701aab017a803af5

    • SHA1

      2241d6177990508110739685bc6889be2b92ac4a

    • SHA256

      bb27172485b153390821c12cdb1e55d479e447bc8ea515d0ae66e2c939a06225

    • SHA512

      5e74967fdd1c3bf165e6632b20a4d4251276e0a7e634a0b03bfc0cf7d88d3d6e3aee568f9f2c6fabf37b49038ce174bd6871615e9e5af68434c215de4712692c

    • SSDEEP

      12288:Qm85aUvzytxNnCVHBLihSelIE6ZQ43+NWMlG5uYMBTsMjOo+:hUvzANnkhLVelIxZL30lyMBTdOx

    • Detect XenoRat Payload

    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Xenorat family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v16

Tasks