General

  • Target

    2025-07-04_ace24737792dc7bc4bcd7ea2d4ca5c21_black-basta_cobalt-strike_luca-stealer_satacom_vidar

  • Size

    8.4MB

  • Sample

    250704-n1gnyadr8x

  • MD5

    ace24737792dc7bc4bcd7ea2d4ca5c21

  • SHA1

    c8e2dd82bbf50a8ed29765e045da7e55878902d7

  • SHA256

    fda4fddd68b7a72ddaa4d3750b0ed099e1be4b91e2982199b5ebb19734d9538c

  • SHA512

    90787a6092bb2a7bd7b3d26ffac13a8bd1762f8f16e7bcb8b4dc6a0399ef69609944bb0668ae82f302a360464325209f1b8f69175f3a6ffc7003d70079275046

  • SSDEEP

    196608:AFrTtB3HROXBUfZAv9urErvI9pWjgfPvzm6gsFEr4f6d:+3tB3x6wZAlurEUWjC3zDbG4f6d

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes so that dropped components are not scanned.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which includes saved credentials, cookies and autofill entries.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.
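The two PowerShell-related signatures above (Defender exclusions added through Add-/Set-MpPreference, and command obfuscation) can be checked against process-creation logs. The script below is an added example, not part of this report or of the sample's own code; the event records and the -EncodedCommand payload are constructed here, and the regexes are assumptions about how the command lines appear, not rules taken from the report.

```python
import base64
import re

# Constructed sample command lines (not taken from the report) in the shape a
# process-creation collector (Sysmon EID 1 / Security 4688) records them.
ENCODED_PAYLOAD = "Add-MpPreference -ExclusionExtension .dll"
ENCODED_ARG = base64.b64encode(ENCODED_PAYLOAD.encode("utf-16-le")).decode("ascii")

SAMPLE_EVENTS = [
    {"pid": 4120, "cmd": 'powershell.exe -nop -w hidden -c "Add-MpPreference -ExclusionPath C:\\Users\\Public -ExclusionExtension .exe"'},
    {"pid": 4188, "cmd": 'powershell.exe -ep bypass -c "Set-MpPreference -ExclusionProcess update.exe"'},
    {"pid": 4201, "cmd": "powershell.exe -w hidden -EncodedCommand " + ENCODED_ARG},
    {"pid": 4230, "cmd": 'powershell.exe -c "Get-ChildItem C:\\Temp"'},
    {"pid": 4244, "cmd": "tasklist.exe /v"},
]

# Add-/Set-MpPreference followed (anywhere later) by one of the exclusion switches.
EXCLUSION_RE = re.compile(
    r"\b(Add|Set)-MpPreference\b.*?-Exclusion(Path|Extension|Process)\b",
    re.IGNORECASE | re.DOTALL,
)
# powershell.exe accepts unambiguous prefixes of -EncodedCommand; these are the
# common spellings seen in the wild (assumption: extend the list as needed).
ENCODED_RE = re.compile(
    r"-(?:e|ec|en|enc|encoded|encodedcommand)\b\s+([A-Za-z0-9+/=]{16,})",
    re.IGNORECASE,
)


def decode_encoded_command(cmd):
    """Return the plaintext of a -EncodedCommand argument, or None if absent/invalid."""
    m = ENCODED_RE.search(cmd)
    if not m:
        return None
    try:
        # PowerShell encodes the script as UTF-16LE before base64.
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def classify(cmd):
    """Flag Defender exclusion tampering, looking through -EncodedCommand wrapping."""
    decoded = decode_encoded_command(cmd)
    effective = decoded if decoded is not None else cmd
    m = EXCLUSION_RE.search(effective)
    return {
        "defender_exclusion": m is not None,
        "exclusion_kind": m.group(2).lower() if m else None,
        "encoded": decoded is not None,
        "decoded": decoded,
    }


def scan(events):
    """Return one hit per event that adds a Defender exclusion."""
    hits = []
    for ev in events:
        verdict = classify(ev["cmd"])
        if verdict["defender_exclusion"]:
            hits.append({"pid": ev["pid"], **verdict})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

In the constructed set this flags PIDs 4120, 4188 and 4201 and leaves the directory listing and tasklist alone. Decoding before matching is what makes the obfuscated case visible; a rule that only looks at the raw command line misses it. In production, allowlist the management tooling (Intune, SCCM, deployment scripts) that legitimately sets exclusions, and keep the decoded script in the alert for the analyst.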
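The UPX signature is driven by section names, which a modified UPX build can rename. The following added example (not from the report, and not the sandbox's own rule) parses a PE section table and checks both the stock UPX0/UPX1 names and the characteristic layout, so a renamed pack still stands out; the three PE images it runs on are constructed inline and carry no section data.

```python
import re
import struct
import sys

# IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics (40 bytes).
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")
UPX_NAME = re.compile(r"^(UPX\d|\.UPX\d?)$", re.IGNORECASE)


def parse_sections(data):
    """Return (AddressOfEntryPoint, [section dicts]) from a PE image's headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (size_opt,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    (entry,) = struct.unpack_from("<I", data, opt + 16)  # same offset in PE32 and PE32+
    table = opt + size_opt
    sections = []
    for i in range(num_sections):
        f = SECTION_HDR.unpack_from(data, table + i * SECTION_HDR.size)
        sections.append({"name": f[0].rstrip(b"\0").decode("latin-1"),
                         "vsize": f[1], "vaddr": f[2], "rawsize": f[3], "rawptr": f[4]})
    return entry, sections


def upx_indicators(data):
    """Name check for stock UPX plus a layout heuristic for renamed sections."""
    entry, sections = parse_sections(data)
    named = [s["name"] for s in sections if UPX_NAME.match(s["name"])]
    layout = False
    if len(sections) >= 2:
        s0, s1 = sections[0], sections[1]
        s1_end = s1["vaddr"] + max(s1["vsize"], s1["rawsize"])
        # UPX0 is the unpacking destination: virtual space only, no file data.
        # UPX1 holds the compressed image and the stub, where execution starts.
        layout = s0["rawsize"] == 0 and s0["vsize"] > 0 and s1["vaddr"] <= entry < s1_end
    return {"upx_named_sections": named, "upx_layout": layout, "verdict": bool(named) or layout}


def build_pe(sections, entry_point):
    """Constructed test input: a PE32 header and section table with no section data."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 16, entry_point)                # AddressOfEntryPoint
    table = b"".join(SECTION_HDR.pack(n.ljust(8, b"\0"), vs, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, rp, ch in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Constructed samples, not derived from the analysed file.
UPX_SAMPLE = build_pe([(b"UPX0", 0x20000, 0x1000, 0, 0x400, 0xE0000080),
                       (b"UPX1", 0x8000, 0x21000, 0x7C00, 0x400, 0xE0000040),
                       (b".rsrc", 0x1000, 0x29000, 0x600, 0x8000, 0xC0000040)], 0x28A00)
RENAMED_SAMPLE = build_pe([(b".text0", 0x20000, 0x1000, 0, 0x400, 0xE0000080),
                           (b".text1", 0x8000, 0x21000, 0x7C00, 0x400, 0xE0000040),
                           (b".rsrc", 0x1000, 0x29000, 0x600, 0x8000, 0xC0000040)], 0x28A00)
CLEAN_SAMPLE = build_pe([(b".text", 0x5000, 0x1000, 0x5000, 0x400, 0x60000020),
                         (b".data", 0x1000, 0x6000, 0x400, 0x5400, 0xC0000040),
                         (b".rsrc", 0x1000, 0x7000, 0x600, 0x5800, 0x40000040)], 0x1200)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, upx_indicators(fh.read(65536)))
```

Run it with file paths as arguments to triage real executables. The name check is exact and cheap; the layout heuristic (zero-raw-size first section, entry point in the second) also fires on some other packers that reuse the same two-section scheme, so treat it as a lead and confirm by unpacking before drawing conclusions about the payload.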

MITRE ATT&CK Enterprise v16
