Extracted

Extracted

• • Target

    2025-05-07_755f729cda224514c6c43246b3ffa79d_black-basta_cobalt-strike_hijackloader_satacom

  • Size

    265KB

  • MD5

    755f729cda224514c6c43246b3ffa79d

  • SHA1

    35b9c9289acddf0fe92f53991082f3c1c3de6931

  • SHA256

    6e23e25cd1122f74d193d8127f59236622f03029a19067a3960ba9cd0d355d32

  • SHA512

    9b4bec044003459c89f4253811e7884e99a65c5bc8da99a6f6005f2d03ad9cba601c1740fabb252c4d861ac0948d9f8e644f01041d3a4bbfcf7eab6a732bec86

  • SSDEEP

    6144:JXLFSWSHnx2GJbMQ54hcn4vRSwMd7wvc:JbFSWSHEGJ54h0ERSwM+

  Score

  10^/10

  phorphiexdefense_evasiondiscoveryexecutionloaderpersistencespywarestealertrojanworm

  • Phorphiex family

    phorphiex

  • Phorphiex payload

  • Phorphiex, Phorpiex

    Phorphiex or Phorpiex Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

    wormtrojanloaderphorphiex

  • Downloads MZ/PE file

  • Stops running service(s)

    defense_evasionexecution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence
  behavioral1