General

  • Target

    2025-07-01_cbdbb287a215f32a44bfb29366d7e6c8_black-basta_cobalt-strike_luca-stealer_satacom_vidar

  • Size

    12.0MB

  • Sample

    250701-j8mgyatly3

  • MD5

    cbdbb287a215f32a44bfb29366d7e6c8

  • SHA1

    9547cfb360d4a26d8390c94563723bd6d457e4fd

  • SHA256

    b2c635fee1403b6e1a4bdcf817a7ede02b8296b89c4f294faae9248a499cda86

  • SHA512

    a6b5994a9c0d4fe388fdba0fb8c2285809e41209beedf3ca46aba486227a976decab1f0c106c6b758819ae4d9ea8247f2c8c7a483a1811ab1413fff096e0d170

  • SSDEEP

    196608:MJ0XRmkwfI9jUCZ6rlaZLH7qRGrmIY4SEfobPTBL8lTG+cTyrjinRcpy:FcIHM0drrYZnbPTBBWMcpy

Targets

    • Command and Scripting Interpreter: PowerShell

      Uses a powershell.exe command.

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v16