General

  • Target

    2025-06-30_9e0c509db85253136e21f9a374acf9eb_black-basta_cobalt-strike_luca-stealer_satacom_vidar

  • Size

    11.2MB

  • Sample

    250630-zh7m7axxbw

  • MD5

    9e0c509db85253136e21f9a374acf9eb

  • SHA1

    77676d1870d5ec1df3b4051b36d6f1e8084c901e

  • SHA256

    03fd03cba9b54905d4d60c07b462eec5c2037b766e585e927d77404fb72feb6b

  • SHA512

    1a0ec955196471c655b0b5c1ef304a228b778c49700727c08072af41a4a122e5fdbc4d1c3ff21119f35686e17dfafcd32331e1c521819b7efbbdb74c979ec6ea

  • SSDEEP

    196608:RP4UOXXKAp2SPuj9fZwQRCgJIKpdzjPO6n7jdnfPTBR2wTC/jzcPyrjinf3Xk:dQIxw8fIKppDOafPTBsgWu3Xk

Malware Config

Targets

    • Target

      2025-06-30_9e0c509db85253136e21f9a374acf9eb_black-basta_cobalt-strike_luca-stealer_satacom_vidar

    • Size

      11.2MB

    • MD5

      9e0c509db85253136e21f9a374acf9eb

    • SHA1

      77676d1870d5ec1df3b4051b36d6f1e8084c901e

    • SHA256

      03fd03cba9b54905d4d60c07b462eec5c2037b766e585e927d77404fb72feb6b

    • SHA512

      1a0ec955196471c655b0b5c1ef304a228b778c49700727c08072af41a4a122e5fdbc4d1c3ff21119f35686e17dfafcd32331e1c521819b7efbbdb74c979ec6ea

    • SSDEEP

      196608:RP4UOXXKAp2SPuj9fZwQRCgJIKpdzjPO6n7jdnfPTBR2wTC/jzcPyrjinf3Xk:dQIxw8fIKppDOafPTBsgWu3Xk

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v16

Tasks