Analysis

max time kernel: 133s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20250610-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250610-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/07/2025, 05:55

Static task: static1
Behavioral task: behavioral1
Sample: 2025-07-03_99e29a7329471d645c3fa437b9aba6a4_black-basta_cobalt-strike_coinminer_luca-stealer_satacom_vidar.exe
Resource: win10v2004-20250610-en

General

Target: 2025-07-03_99e29a7329471d645c3fa437b9aba6a4_black-basta_cobalt-strike_coinminer_luca-stealer_satacom_vidar.exe
Size: 18.1MB
MD5: 99e29a7329471d645c3fa437b9aba6a4
SHA1: fd97764ffa8ce284d780aa78f12a4f2e38247c63
SHA256: 7224c29dabfb308937e6feeb58e333b2195a3d23b43b3681b35fe1c8b06e3d44
SHA512: 9f0918358850d3a7a1922f4ef246b1525d2eb2b57882ce6707a0df5c4a55c9bcf7e25dc1855321b04565ca183d89fcf2bafa67f1a9f4688302baeebed82b5d8e
SSDEEP: 393216:LGGgsyv/9l4oNWMgqbazd7gV3QV/AVWbIOKpTy+3nXaLOIEFyc:ese/9lXxNbahgVAzwpTBXaLUt
Malware Config

Signatures

Executes dropped EXE (1 IoC)
pid 2400: AutostraferNewNOIP.exe

Loads dropped DLL (39 IoCs)
pid 2400: AutostraferNewNOIP.exe (the same process is listed 39 times, once per dropped DLL it loaded)

Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
flow 21: discord.com
flow 22: discord.com

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 3912 wrote to memory of 2400 | 3912 | 2025-07-03_99e29a7329471d645c3fa437b9aba6a4_black-basta_cobalt-strike_coinminer_luca-stealer_satacom_vidar.exe | 89
PID 3912 wrote to memory of 2400 | 3912 | 2025-07-03_99e29a7329471d645c3fa437b9aba6a4_black-basta_cobalt-strike_coinminer_luca-stealer_satacom_vidar.exe | 89
PID 2400 wrote to memory of 3184 | 2400 | AutostraferNewNOIP.exe | 90
PID 2400 wrote to memory of 3184 | 2400 | AutostraferNewNOIP.exe | 90
Processes

- C:\Users\Admin\AppData\Local\Temp\2025-07-03_99e29a7329471d645c3fa437b9aba6a4_black-basta_cobalt-strike_coinminer_luca-stealer_satacom_vidar.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\2025-07-03_99e29a7329471d645c3fa437b9aba6a4_black-basta_cobalt-strike_coinminer_luca-stealer_satacom_vidar.exe"
  PID: 3912
  signatures: Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\AutostraferNewNOIP.exe
    command line: C:\Users\Admin\AppData\Local\Temp\2025-07-03_99e29a7329471d645c3fa437b9aba6a4_black-basta_cobalt-strike_coinminer_luca-stealer_satacom_vidar.exe
    PID: 2400
    signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
    - C:\Windows\system32\cmd.exe
      command line: C:\Windows\system32\cmd.exe /c "ver"
      PID: 3184
Network
MITRE ATT&CK Enterprise v16
Downloads