2025-05-08_09b8552d5057f3c78c646c3159846f6e_akira_cobalt-strike_rusty-stealer_satacom

Sharing

Copy URL Twitter E-mail

General

Target

2025-05-08_09b8552d5057f3c78c646c3159846f6e_akira_cobalt-strike_rusty-stealer_satacom
Size

12.2MB
MD5

09b8552d5057f3c78c646c3159846f6e
SHA1

7f27b99904deabc5f392748caa51efec0470d94c
SHA256

49a646221cd170326383fa3c565da4e31652eba40114451a28834e49e5a4aa6c
SHA512

9e75d563cf52ecd97394ba93c14a2246169ee5df77c7bb1bf6cc9c847354ea2d1e0c490ce6ce16045996816000aa7ce668ac162a0f60b7855629ad97765d7beb
SSDEEP

98304:XKfVOLEAvLmcpVoPtC9H72kKZVR8wVQBrEwcPuyGfL1w+xVkn/ru+X5/flzBYQ8:XKf8TmcpetCN2H8BY2JvUj8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-05-08_09b8552d5057f3c78c646c3159846f6e_akira_cobalt-strike_rusty-stealer_satacom

Files

2025-05-08_09b8552d5057f3c78c646c3159846f6e_akira_cobalt-strike_rusty-stealer_satacom
.exe windows:6 windows x64 arch:x64

e30bba61f30085a0865fa05c145e5072

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

puget_benchmark.pdb

Imports

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WaitOnAddress
WakeByAddressSingle

bcryptprimitives

ProcessPrng

kernel32

EncodePointer
GetCurrentThread
GlobalUnlock
GlobalSize
RaiseException
GetUserDefaultUILanguage
LCIDToLocaleName
RtlPcToFileHeader
LoadLibraryW
RtlUnwindEx
TlsAlloc
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle
GetModuleHandleW
DeleteCriticalSection
IsProcessorFeaturePresent
MultiByteToWideChar
WideCharToMultiByte
GlobalFree
GetCurrentThreadId
FreeConsole
GetProcessHeap
HeapAlloc
HeapFree
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
TlsGetValue
FormatMessageW
TlsSetValue
SetUnhandledExceptionFilter
GetLastError
CreateMutexA
GetTempPathW
CreateThread
WriteConsoleW
GetConsoleOutputCP
CreateProcessW
GetWindowsDirectoryW
GlobalAlloc
GetSystemDirectoryW
GetFullPathNameW
WaitForMultipleObjects
ReadFileEx
CreateNamedPipeW
ExitProcess
SetEnvironmentVariableW
CopyFileExW
GetFinalPathNameByHandleW
RemoveDirectoryW
DeleteFileW
FindFirstFileExW
CreateDirectoryW
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
GlobalLock
FindClose
FindNextFileW
ReleaseMutex
LoadLibraryExW
HeapReAlloc
GetEnvironmentVariableW
GetStdHandle
GetConsoleMode
GetFileInformationByHandleEx
GetSystemTimePreciseAsFileTime
LoadLibraryA
Sleep
CreatePipe
QueryPerformanceFrequency
GetProcessId
TerminateProcess
GetExitCodeProcess
GetUserPreferredUILanguages
SleepEx
WaitForSingleObject
CreateEventW
WriteFileEx
FreeLibrary
GetCurrentProcessId
GetNativeSystemInfo
GetSystemInfo
GetProcAddress
GetModuleHandleA
SetFilePointerEx
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
lstrlenW
DuplicateHandle
GetCurrentProcess
SetFileInformationByHandle
ReleaseSemaphore
ReadDirectoryChangesW
CreateSemaphoreW
CreateFileW
CancelIo
WaitForSingleObjectEx
GetCommandLineW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
SetHandleInformation
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
FreeEnvironmentStringsW
GetFileInformationByHandle
SetFileCompletionNotificationModes
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
CreateIoCompletionPort
ReadFile
GetOverlappedResult
TlsFree

user32

RegisterWindowMessageA
RegisterClassExW
EmptyClipboard
OpenClipboard
RegisterRawInputDevices
IsClipboardFormatAvailable
GetClipboardData
DispatchMessageA
GetMessageA
MsgWaitForMultipleObjectsEx
CreateIcon
ToUnicodeEx
GetKeyboardLayout
VkKeyScanW
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
SetWindowLongPtrW
GetKeyboardState
SetCapture
GetRawInputData
PostQuitMessage
AppendMenuW
CreateMenu
SetMenuItemInfoW
CloseClipboard
CreateAcceleratorTableW
SystemParametersInfoA
IsWindowVisible
AdjustWindowRectEx
UnregisterHotKey
RegisterHotKey
DestroyIcon
RegisterClipboardFormatW
SendMessageW
EnumChildWindows
CheckMenuItem
GetMenu
ShowCursor
EnumDisplayMonitors
ClipCursor
GetClipCursor
MonitorFromPoint
EnableMenuItem
SetWindowTextW
GetSystemMenu
GetWindowTextLengthW
RedrawWindow
GetClientRect
SetMenu
GetActiveWindow
IsIconic
ShowWindow
SetWindowLongW
DestroyAcceleratorTable
IsProcessDPIAware
PostMessageW
GetDC
SetClipboardData
GetWindowRect
ScreenToClient
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
FlashWindowEx
DefWindowProcW
TranslateAcceleratorW
GetAncestor
GetMessageW
MapVirtualKeyW
SendInput
GetForegroundWindow
GetWindowLongW
ClientToScreen
SetForegroundWindow
GetWindowLongPtrW
SetWindowDisplayAffinity
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
GetWindowTextW
SetCursorPos
InvalidateRgn
ReleaseCapture
DispatchMessageW
TranslateMessage
GetUpdateRect
PeekMessageW
PostThreadMessageW
ValidateRect
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
SetCursor
LoadCursorW
CloseTouchInputHandle
GetTouchInputInfo
DestroyWindow
TrackMouseEvent
MonitorFromRect

ole32

RevokeDragDrop
CoTaskMemFree
OleInitialize
CreateStreamOnHGlobal
CoIncrementMTAUsage
CoTaskMemAlloc
RegisterDragDrop
CoCreateInstance
CoUninitialize
CoInitializeEx

shell32

SHGetKnownFolderPath
DragQueryFileW
SHAppBarMessage
ShellExecuteW
DragFinish
SHCreateItemFromParsingName

comctl32

TaskDialogIndirect
SetWindowSubclass
DefSubclassProc
RemoveWindowSubclass

gdi32

DeleteObject
GetDeviceCaps
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

ws2_32

setsockopt
WSAIoctl
closesocket
WSASend
send
WSAStartup
WSACleanup
WSAGetLastError
recv
shutdown
getaddrinfo
getsockopt
listen
ioctlsocket
connect
bind
WSASocketW
getsockname
freeaddrinfo
getpeername

advapi32

RegQueryValueExW
RevertToSelf
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW
SystemFunction036
RegCloseKey
ImpersonateAnonymousToken
RegOpenKeyExW

secur32

FreeCredentialsHandle
AcquireCredentialsHandleA
ApplyControlToken
QueryContextAttributesW
AcceptSecurityContext
FreeContextBuffer
DecryptMessage
DeleteSecurityContext
EncryptMessage
InitializeSecurityContextW

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertDuplicateStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertAddCertificateContextToStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain

oleaut32

SysFreeString
GetErrorInfo
SetErrorInfo
SysStringLen

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

uxtheme

SetWindowTheme

ntdll

RtlNtStatusToDosError
NtDeviceIoControlFile
NtReadFile
RtlGetVersion
NtCreateFile
NtOpenFile
NtCancelIoFileEx
NtWriteFile

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

round
floor
__setusermatherr
trunc
pow

api-ms-win-crt-string-l1-1-0

strlen
strcpy_s
wcsncmp
_wcsicmp
wcslen

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_initialize_onexit_table
_register_onexit_function
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
__p___argc
terminate
__p___argv
_cexit
_crt_atexit
_c_exit
_register_thread_local_exe_atexit_callback
strerror
abort
_seh_filter_exe

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

calloc
_set_new_mode
free
_callnewh
malloc

Sections

.text
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e30bba61f30085a0865fa05c145e5072

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

kernel32

user32

ole32

shell32

comctl32

gdi32

dwmapi

ws2_32

advapi32

secur32

crypt32

oleaut32

api-ms-win-core-winrt-l1-1-0

uxtheme

ntdll

bcrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 7.5MB - Virtual size: 7.5MB

.rdata Size: 4.2MB - Virtual size: 4.2MB

.data Size: 21KB - Virtual size: 32KB

.pdata Size: 423KB - Virtual size: 423KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 45KB - Virtual size: 45KB

.text
Size: 7.5MB - Virtual size: 7.5MB

.rdata
Size: 4.2MB - Virtual size: 4.2MB

.data
Size: 21KB - Virtual size: 32KB

.pdata
Size: 423KB - Virtual size: 423KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 45KB - Virtual size: 45KB