General

  • Target

    2025-06-30_20c33c9af9736e14a875ce18ffa3eab5_black-basta_cobalt-strike_luca-stealer_satacom_vidar

  • Size

    10.1MB

  • Sample

    250630-y9g16sgj9v

  • MD5

    20c33c9af9736e14a875ce18ffa3eab5

  • SHA1

    4d137f5c32f2b3a97e2ede0ad465178e2ba44a35

  • SHA256

    b4fb7bbe8a9750ab03111fe75993f7d8b43336b61bdf0144ca2e7e2d04a98e6c

  • SHA512

    5ec297394d0a383d7f0510705e70ef12977fd91541ea887ea63537a99c3f5ad1d26aa9eaf2701b13311dbeac68b317764508c3ff78f556b628e58bc360e64142

  • SSDEEP

    196608:2v0XhIwfI9jUCZ6rlaZLH7qRGrmIYUobPTBL8lTG+cTyrjinRcpB:rIHM0drrYRbPTBBWMcpB

Malware Config

Targets

    • Target

      2025-06-30_20c33c9af9736e14a875ce18ffa3eab5_black-basta_cobalt-strike_luca-stealer_satacom_vidar

    • Size

      10.1MB

    • MD5

      20c33c9af9736e14a875ce18ffa3eab5

    • SHA1

      4d137f5c32f2b3a97e2ede0ad465178e2ba44a35

    • SHA256

      b4fb7bbe8a9750ab03111fe75993f7d8b43336b61bdf0144ca2e7e2d04a98e6c

    • SHA512

      5ec297394d0a383d7f0510705e70ef12977fd91541ea887ea63537a99c3f5ad1d26aa9eaf2701b13311dbeac68b317764508c3ff78f556b628e58bc360e64142

    • SSDEEP

      196608:2v0XhIwfI9jUCZ6rlaZLH7qRGrmIYUobPTBL8lTG+cTyrjinRcpB:rIHM0drrYRbPTBBWMcpB

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v16

Tasks