General

  • Target

    2025-06-17_292e9cdb07f309ca2c627012f3081b6c_black-basta_cobalt-strike_luca-stealer_mespinoza_ryuk_satacom_vidar

  • Size

    7.5MB

  • Sample

    250701-fv7zyaslz4

  • MD5

    292e9cdb07f309ca2c627012f3081b6c

  • SHA1

    7fdbad806675d147134e3ca04c62cb74ed495e04

  • SHA256

    4c7da3a6d3f4e5ca2bcf070986089d29080911945f085087af8a79685a9b97ba

  • SHA512

    e1bfe146d838283722dfc22bf55dd5d059b3999a442710800769d5c5c5c92151919a9648f5afd6ce260a43e3b6f5c4da6a48946af7945448dd8410e19e3e0265

  • SSDEEP

    196608:U+uWzC+s2+FHK9stl5VnIYBj8kr+FHK9stl5VnIYBj8ko:U+zz+FHHBIYBr6FHHBIYBro

Malware Config

Targets

    • Target

      2025-06-17_292e9cdb07f309ca2c627012f3081b6c_black-basta_cobalt-strike_luca-stealer_mespinoza_ryuk_satacom_vidar

    • Size

      7.5MB

    • MD5

      292e9cdb07f309ca2c627012f3081b6c

    • SHA1

      7fdbad806675d147134e3ca04c62cb74ed495e04

    • SHA256

      4c7da3a6d3f4e5ca2bcf070986089d29080911945f085087af8a79685a9b97ba

    • SHA512

      e1bfe146d838283722dfc22bf55dd5d059b3999a442710800769d5c5c5c92151919a9648f5afd6ce260a43e3b6f5c4da6a48946af7945448dd8410e19e3e0265

    • SSDEEP

      196608:U+uWzC+s2+FHK9stl5VnIYBj8kr+FHK9stl5VnIYBj8ko:U+zz+FHHBIYBr6FHHBIYBro

    • Detect SalatStealer payload

    • Salatstealer family

    • salatstealer

      SalatStealer is a stealer that takes sceenshot written in Golang.

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v16

Tasks