General
Target: 2025-07-04_ab5167ced5b7915bb0585b36d48d0aad_black-basta_cobalt-strike_hijackloader_mespinoza_ryuk_satacom_vidar
Size: 9.4MB
Sample: 250704-nz75hasnz2
MD5: ab5167ced5b7915bb0585b36d48d0aad
SHA1: cdbe61799b0a7374a7bf90bbb0addb05a7f17f0f
SHA256: d396fe4602cd506bd80674a49227dd862df5f5c2121fa30a2d74895b8300bfd4
SHA512: edfa700e8c087bc23184e78576cce15c36a341508394659b727b55a084b4c3341b3b6af7a3e6ba05cdbd5852e76f1098f6076e9e5a99203c438d2f16c30d7aa7
SSDEEP: 98304:5v2tQGjm82A7yudDosxYzRO2xd1jdzJBFBI3++wteEmXxRDBxZer86dSVqW:J2tc82AGgxYzzd/JW3+BqhRDw8Aa
Static task: static1
Behavioral task: behavioral1
Sample: 2025-07-04_ab5167ced5b7915bb0585b36d48d0aad_black-basta_cobalt-strike_hijackloader_mespinoza_ryuk_satacom_vidar.exe
Resource: win10v2004-20250610-en
Malware Config
Targets
Target: 2025-07-04_ab5167ced5b7915bb0585b36d48d0aad_black-basta_cobalt-strike_hijackloader_mespinoza_ryuk_satacom_vidar (9.4MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 8/10
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v16
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)