General

  • Target

    2025-07-04_ab5167ced5b7915bb0585b36d48d0aad_black-basta_cobalt-strike_hijackloader_mespinoza_ryuk_satacom_vidar

  • Size

    9.4MB

  • Sample

    250704-nz75hasnz2

  • MD5

    ab5167ced5b7915bb0585b36d48d0aad

  • SHA1

    cdbe61799b0a7374a7bf90bbb0addb05a7f17f0f

  • SHA256

    d396fe4602cd506bd80674a49227dd862df5f5c2121fa30a2d74895b8300bfd4

  • SHA512

    edfa700e8c087bc23184e78576cce15c36a341508394659b727b55a084b4c3341b3b6af7a3e6ba05cdbd5852e76f1098f6076e9e5a99203c438d2f16c30d7aa7

  • SSDEEP

    98304:5v2tQGjm82A7yudDosxYzRO2xd1jdzJBFBI3++wteEmXxRDBxZer86dSVqW:J2tc82AGgxYzzd/JW3+BqhRDw8Aa

Malware Config

Targets

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks