General
-
Target
2025-06-30_9e0c509db85253136e21f9a374acf9eb_black-basta_cobalt-strike_luca-stealer_satacom_vidar
-
Size
11.2MB
-
Sample
250630-zh7m7axxbw
-
MD5
9e0c509db85253136e21f9a374acf9eb
-
SHA1
77676d1870d5ec1df3b4051b36d6f1e8084c901e
-
SHA256
03fd03cba9b54905d4d60c07b462eec5c2037b766e585e927d77404fb72feb6b
-
SHA512
1a0ec955196471c655b0b5c1ef304a228b778c49700727c08072af41a4a122e5fdbc4d1c3ff21119f35686e17dfafcd32331e1c521819b7efbbdb74c979ec6ea
-
SSDEEP
196608:RP4UOXXKAp2SPuj9fZwQRCgJIKpdzjPO6n7jdnfPTBR2wTC/jzcPyrjinf3Xk:dQIxw8fIKppDOafPTBsgWu3Xk
Behavioral task
behavioral1
Sample
2025-06-30_9e0c509db85253136e21f9a374acf9eb_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
Resource
win10v2004-20250619-en
Behavioral task
behavioral2
Sample
2025-06-30_9e0c509db85253136e21f9a374acf9eb_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
Resource
win11-20250619-en
Malware Config
Targets
-
-
Target
2025-06-30_9e0c509db85253136e21f9a374acf9eb_black-basta_cobalt-strike_luca-stealer_satacom_vidar
-
Size
11.2MB
-
MD5
9e0c509db85253136e21f9a374acf9eb
-
SHA1
77676d1870d5ec1df3b4051b36d6f1e8084c901e
-
SHA256
03fd03cba9b54905d4d60c07b462eec5c2037b766e585e927d77404fb72feb6b
-
SHA512
1a0ec955196471c655b0b5c1ef304a228b778c49700727c08072af41a4a122e5fdbc4d1c3ff21119f35686e17dfafcd32331e1c521819b7efbbdb74c979ec6ea
-
SSDEEP
196608:RP4UOXXKAp2SPuj9fZwQRCgJIKpdzjPO6n7jdnfPTBR2wTC/jzcPyrjinf3Xk:dQIxw8fIKppDOafPTBsgWu3Xk
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
MITRE ATT&CK Enterprise v16
Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3