General
-
Target
2025-07-01_cbdbb287a215f32a44bfb29366d7e6c8_black-basta_cobalt-strike_luca-stealer_satacom_vidar
-
Size
12.0MB
-
Sample
250701-j8mgyatly3
-
MD5
cbdbb287a215f32a44bfb29366d7e6c8
-
SHA1
9547cfb360d4a26d8390c94563723bd6d457e4fd
-
SHA256
b2c635fee1403b6e1a4bdcf817a7ede02b8296b89c4f294faae9248a499cda86
-
SHA512
a6b5994a9c0d4fe388fdba0fb8c2285809e41209beedf3ca46aba486227a976decab1f0c106c6b758819ae4d9ea8247f2c8c7a483a1811ab1413fff096e0d170
-
SSDEEP
196608:MJ0XRmkwfI9jUCZ6rlaZLH7qRGrmIY4SEfobPTBL8lTG+cTyrjinRcpy:FcIHM0drrYZnbPTBBWMcpy
Behavioral task
behavioral1
Sample
2025-07-01_cbdbb287a215f32a44bfb29366d7e6c8_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
Resource
win10v2004-20250610-en
Behavioral task
behavioral2
Sample
2025-07-01_cbdbb287a215f32a44bfb29366d7e6c8_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
Resource
win11-20250610-en
Malware Config
Targets
-
-
Target
2025-07-01_cbdbb287a215f32a44bfb29366d7e6c8_black-basta_cobalt-strike_luca-stealer_satacom_vidar
-
Size
12.0MB
-
MD5
cbdbb287a215f32a44bfb29366d7e6c8
-
SHA1
9547cfb360d4a26d8390c94563723bd6d457e4fd
-
SHA256
b2c635fee1403b6e1a4bdcf817a7ede02b8296b89c4f294faae9248a499cda86
-
SHA512
a6b5994a9c0d4fe388fdba0fb8c2285809e41209beedf3ca46aba486227a976decab1f0c106c6b758819ae4d9ea8247f2c8c7a483a1811ab1413fff096e0d170
-
SSDEEP
196608:MJ0XRmkwfI9jUCZ6rlaZLH7qRGrmIY4SEfobPTBL8lTG+cTyrjinRcpy:FcIHM0drrYZnbPTBBWMcpy
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v16
Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3