General
-
Target
2025-06-17_292e9cdb07f309ca2c627012f3081b6c_black-basta_cobalt-strike_luca-stealer_mespinoza_ryuk_satacom_vidar
-
Size
7.5MB
-
Sample
250701-fv7zyaslz4
-
MD5
292e9cdb07f309ca2c627012f3081b6c
-
SHA1
7fdbad806675d147134e3ca04c62cb74ed495e04
-
SHA256
4c7da3a6d3f4e5ca2bcf070986089d29080911945f085087af8a79685a9b97ba
-
SHA512
e1bfe146d838283722dfc22bf55dd5d059b3999a442710800769d5c5c5c92151919a9648f5afd6ce260a43e3b6f5c4da6a48946af7945448dd8410e19e3e0265
-
SSDEEP
196608:U+uWzC+s2+FHK9stl5VnIYBj8kr+FHK9stl5VnIYBj8ko:U+zz+FHHBIYBr6FHHBIYBro
Static task
static1
Behavioral task
behavioral1
Sample
2025-06-17_292e9cdb07f309ca2c627012f3081b6c_black-basta_cobalt-strike_luca-stealer_mespinoza_ryuk_satacom_vidar.exe
Resource
win10v2004-20250610-en
Behavioral task
behavioral2
Sample
2025-06-17_292e9cdb07f309ca2c627012f3081b6c_black-basta_cobalt-strike_luca-stealer_mespinoza_ryuk_satacom_vidar.exe
Resource
win11-20250619-en
Malware Config
Targets
-
Target
2025-06-17_292e9cdb07f309ca2c627012f3081b6c_black-basta_cobalt-strike_luca-stealer_mespinoza_ryuk_satacom_vidar
-
Size
7.5MB
-
MD5
292e9cdb07f309ca2c627012f3081b6c
-
SHA1
7fdbad806675d147134e3ca04c62cb74ed495e04
-
SHA256
4c7da3a6d3f4e5ca2bcf070986089d29080911945f085087af8a79685a9b97ba
-
SHA512
e1bfe146d838283722dfc22bf55dd5d059b3999a442710800769d5c5c5c92151919a9648f5afd6ce260a43e3b6f5c4da6a48946af7945448dd8410e19e3e0265
-
SSDEEP
196608:U+uWzC+s2+FHK9stl5VnIYBj8kr+FHK9stl5VnIYBj8ko:U+zz+FHHBIYBr6FHHBIYBro
-
Detect SalatStealer payload
-
Salatstealer family
-
Executes dropped EXE
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext