Analysis

max time kernel: 39s
max time network: 152s
platform: windows11-21h2_x64
resource: win11-20250610-en
resource tags: arch:x64, arch:x86, image:win11-20250610-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 02/07/2025, 18:53
Static task: static1

Behavioral task: behavioral1
  Sample: 2025-07-02_e6f4a9a6109a801eb01bfebc1edfe6e9_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
  Resource: win10v2004-20250619-en

Behavioral task: behavioral2
  Sample: 2025-07-02_e6f4a9a6109a801eb01bfebc1edfe6e9_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
  Resource: win11-20250610-en
General

Target: 2025-07-02_e6f4a9a6109a801eb01bfebc1edfe6e9_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
Size: 1.0MB
MD5: e6f4a9a6109a801eb01bfebc1edfe6e9
SHA1: 65f2a9a413ef38aafc7f31af3a5074b92a367319
SHA256: 7f54ae1177e630d021a39d99f9d0f85fbc20c0ca0ded98025da24a57fde6e009
SHA512: 77bf93a183a4b036ffdd2508ef9b2628908a6d3ea62199deb9c4d962e8a3218945b8d46db9f1a54beec1f2169c5a0aeafd2cda38ef3458020317fd05c74374e2
SSDEEP: 24576:tkSa+dRJzECwF5SSiVw6uAX8DS52tpz9ZRzbPmSZyo:tkSa+ZzEb5SW6H8DS52tdDpbRZy
Malware Config

Signatures

Executes dropped EXE (1 IoCs)
  pid: 3876, Process: alg.exe

Drops file in System32 directory (1 IoCs)
  description: File opened for modification, ioc: C:\Windows\System32\alg.exe, Process: 2025-07-02_e6f4a9a6109a801eb01bfebc1edfe6e9_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description: Token: SeTakeOwnershipPrivilege, pid: 1456, Process: 2025-07-02_e6f4a9a6109a801eb01bfebc1edfe6e9_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
Processes

C:\Users\Admin\AppData\Local\Temp\2025-07-02_e6f4a9a6109a801eb01bfebc1edfe6e9_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2025-07-02_e6f4a9a6109a801eb01bfebc1edfe6e9_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe"
  - Drops file in System32 directory
  - Suspicious use of AdjustPrivilegeToken
  PID: 1456

C:\Windows\System32\alg.exe
  Command line: C:\Windows\System32\alg.exe
  - Executes dropped EXE
  PID: 3876
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 676KB
MD5: b5a6c01a6861f3d8bc567c121ff90e84
SHA1: 1d59eb4798e52c211df3f68a26b7acf481b24556
SHA256: 4df615bb0218e9b2b41a61608287c9706cc50f6247868e0d147879485bdf069f
SHA512: 0ea00cba81185e8b427fd3edff5df82ae1e9c2410d789585e6e06cabb04fcb9eafcb5267f4decb7f237a92ef28b1958acd10db8d3b2ce66f3394116faaccd776