General
-
Target
2025-07-04_ace24737792dc7bc4bcd7ea2d4ca5c21_black-basta_cobalt-strike_luca-stealer_satacom_vidar
-
Size
8.4MB
-
Sample
250704-n1gnyadr8x
-
MD5
ace24737792dc7bc4bcd7ea2d4ca5c21
-
SHA1
c8e2dd82bbf50a8ed29765e045da7e55878902d7
-
SHA256
fda4fddd68b7a72ddaa4d3750b0ed099e1be4b91e2982199b5ebb19734d9538c
-
SHA512
90787a6092bb2a7bd7b3d26ffac13a8bd1762f8f16e7bcb8b4dc6a0399ef69609944bb0668ae82f302a360464325209f1b8f69175f3a6ffc7003d70079275046
-
SSDEEP
196608:AFrTtB3HROXBUfZAv9urErvI9pWjgfPvzm6gsFEr4f6d:+3tB3x6wZAlurEUWjC3zDbG4f6d
Behavioral task
behavioral1
Sample
2025-07-04_ace24737792dc7bc4bcd7ea2d4ca5c21_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
Resource
win10v2004-20250619-en
Malware Config
Targets
-
-
Target
2025-07-04_ace24737792dc7bc4bcd7ea2d4ca5c21_black-basta_cobalt-strike_luca-stealer_satacom_vidar
-
Size
8.4MB
-
MD5
ace24737792dc7bc4bcd7ea2d4ca5c21
-
SHA1
c8e2dd82bbf50a8ed29765e045da7e55878902d7
-
SHA256
fda4fddd68b7a72ddaa4d3750b0ed099e1be4b91e2982199b5ebb19734d9538c
-
SHA512
90787a6092bb2a7bd7b3d26ffac13a8bd1762f8f16e7bcb8b4dc6a0399ef69609944bb0668ae82f302a360464325209f1b8f69175f3a6ffc7003d70079275046
-
SSDEEP
196608:AFrTtB3HROXBUfZAv9urErvI9pWjgfPvzm6gsFEr4f6d:+3tB3x6wZAlurEUWjC3zDbG4f6d
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v16
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1