General

  • Target

    2025-06-30_63e048f29d00ced05dbd871b751085e9_black-basta_cobalt-strike_luca-stealer_satacom_vidar

  • Size

    20.2MB

  • Sample

    250630-zdb1qavnx5

  • MD5

    63e048f29d00ced05dbd871b751085e9

  • SHA1

    ba3a8fff8580b7f54e9816a0e1ae310874ba6caa

  • SHA256

    4c820efcf7198e5233cfa11233d82518ec6226a4974aec4fadb9be15e77dffdb

  • SHA512

    f03c586bfc050c24524f4f16a104f88e4d91d10fa3355cada9d779e29bd1665806e9526b3d69fe72dc8551410615b010a7240cd808110d90ab3d5f422a16028c

  • SSDEEP

    393216:36p3BqPP4UahvDowhhLpIaBbxlB4wsFsOw8ERIEgfPjSDNWCkye:83BqpahBmIb2FT5P2DNWCG

Malware Config

Targets

    • Target

      2025-06-30_63e048f29d00ced05dbd871b751085e9_black-basta_cobalt-strike_luca-stealer_satacom_vidar

    • Size

      20.2MB

    • MD5

      63e048f29d00ced05dbd871b751085e9

    • SHA1

      ba3a8fff8580b7f54e9816a0e1ae310874ba6caa

    • SHA256

      4c820efcf7198e5233cfa11233d82518ec6226a4974aec4fadb9be15e77dffdb

    • SHA512

      f03c586bfc050c24524f4f16a104f88e4d91d10fa3355cada9d779e29bd1665806e9526b3d69fe72dc8551410615b010a7240cd808110d90ab3d5f422a16028c

    • SSDEEP

      393216:36p3BqPP4UahvDowhhLpIaBbxlB4wsFsOw8ERIEgfPjSDNWCkye:83BqpahBmIb2FT5P2DNWCG

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v16

Tasks