General
Target: 2025-06-04_78c33b7f409b21b9701aab017a803af5_black-basta_cobalt-strike_luca-stealer_satacom
Size: 621KB
Sample: 250604-l3r7cafn9s
MD5: 78c33b7f409b21b9701aab017a803af5
SHA1: 2241d6177990508110739685bc6889be2b92ac4a
SHA256: bb27172485b153390821c12cdb1e55d479e447bc8ea515d0ae66e2c939a06225
SHA512: 5e74967fdd1c3bf165e6632b20a4d4251276e0a7e634a0b03bfc0cf7d88d3d6e3aee568f9f2c6fabf37b49038ce174bd6871615e9e5af68434c215de4712692c
SSDEEP: 12288:Qm85aUvzytxNnCVHBLihSelIE6ZQ43+NWMlG5uYMBTsMjOo+:hUvzANnkhLVelIxZL30lyMBTdOx
Static task: static1
Malware Config
Extracted: xenorat
192.168.18.101
Ali
delay: 5000
install_path: nothingset
port: 4444
startup_name: Windows Active Lissence
Targets
Target: 2025-06-04_78c33b7f409b21b9701aab017a803af5_black-basta_cobalt-strike_luca-stealer_satacom
- Detect XenoRat Payload
- Xenorat family
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE