General
-
Target
2025-06-30_20c33c9af9736e14a875ce18ffa3eab5_black-basta_cobalt-strike_luca-stealer_satacom_vidar
-
Size
10.1MB
-
Sample
250630-y9g16sgj9v
-
MD5
20c33c9af9736e14a875ce18ffa3eab5
-
SHA1
4d137f5c32f2b3a97e2ede0ad465178e2ba44a35
-
SHA256
b4fb7bbe8a9750ab03111fe75993f7d8b43336b61bdf0144ca2e7e2d04a98e6c
-
SHA512
5ec297394d0a383d7f0510705e70ef12977fd91541ea887ea63537a99c3f5ad1d26aa9eaf2701b13311dbeac68b317764508c3ff78f556b628e58bc360e64142
-
SSDEEP
196608:2v0XhIwfI9jUCZ6rlaZLH7qRGrmIYUobPTBL8lTG+cTyrjinRcpB:rIHM0drrYRbPTBBWMcpB
Behavioral task
behavioral1
Sample
2025-06-30_20c33c9af9736e14a875ce18ffa3eab5_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
Resource
win10v2004-20250619-en
Malware Config
Targets
-
-
Target
2025-06-30_20c33c9af9736e14a875ce18ffa3eab5_black-basta_cobalt-strike_luca-stealer_satacom_vidar
-
Size
10.1MB
-
MD5
20c33c9af9736e14a875ce18ffa3eab5
-
SHA1
4d137f5c32f2b3a97e2ede0ad465178e2ba44a35
-
SHA256
b4fb7bbe8a9750ab03111fe75993f7d8b43336b61bdf0144ca2e7e2d04a98e6c
-
SHA512
5ec297394d0a383d7f0510705e70ef12977fd91541ea887ea63537a99c3f5ad1d26aa9eaf2701b13311dbeac68b317764508c3ff78f556b628e58bc360e64142
-
SSDEEP
196608:2v0XhIwfI9jUCZ6rlaZLH7qRGrmIYUobPTBL8lTG+cTyrjinRcpB:rIHM0drrYRbPTBBWMcpB
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v16
Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3