2025-05-08_d7057134c8f3886a7275c6c549597754_akira_cobalt-strike_rusty-stealer_satacom

Sharing

Copy URL Twitter E-mail

General

Target

2025-05-08_d7057134c8f3886a7275c6c549597754_akira_cobalt-strike_rusty-stealer_satacom
Size

12.3MB
MD5

d7057134c8f3886a7275c6c549597754
SHA1

7df6ef5920533f18b5f03589d5cf250bdb6bc5fb
SHA256

fb762dbd67b05c98f8e0ed027fe24b4b58efe171401c0369fc05950bb41747ca
SHA512

8061413f2db0548b4e84c0cdb40284cf8817e81056fdb4dbdb996b022b2d18d244e37690d8b2b7e5224f7e1570a729a815d131a9ee759ab4df452659c8c2fd33
SSDEEP

98304:Cp8Ol1uD7YAQKUIfkGRU5NgHYQBrEwYPuyGfCt5zMBno6oYs5SoN8:Cp8FD7tQKHywBY4bBi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-05-08_d7057134c8f3886a7275c6c549597754_akira_cobalt-strike_rusty-stealer_satacom

Files

2025-05-08_d7057134c8f3886a7275c6c549597754_akira_cobalt-strike_rusty-stealer_satacom
.exe windows:6 windows x64 arch:x64

ba474356239b6f2b92795531cf27ca06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

puget_benchmark.pdb

Imports

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

bcryptprimitives

ProcessPrng

kernel32

RaiseException
RtlPcToFileHeader
RtlUnwindEx
GlobalLock
GlobalSize
GlobalUnlock
GlobalAlloc
IsProcessorFeaturePresent
EncodePointer
GetCurrentThread
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
InitializeSListHead
GetSystemTimeAsFileTime
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
CloseHandle
GetModuleHandleW
GetUserDefaultUILanguage
LCIDToLocaleName
DeleteCriticalSection
LoadLibraryW
GetUserPreferredUILanguages
FormatMessageW
GetCurrentThreadId
FreeConsole
GetProcessHeap
HeapAlloc
HeapFree
WaitForSingleObjectEx
CancelIo
LoadLibraryA
CreateFileW
InitializeCriticalSectionAndSpinCount
CreateSemaphoreW
TlsAlloc
GetLastError
ReadDirectoryChangesW
CreateMutexA
GetTempPathW
CreateThread
WriteConsoleW
GetConsoleOutputCP
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
GetFullPathNameW
WaitForMultipleObjects
ReadFileEx
CreateNamedPipeW
TlsGetValue
TlsSetValue
ReleaseSRWLockExclusive
ExitProcess
SetEnvironmentVariableW
CopyFileExW
GetFinalPathNameByHandleW
RemoveDirectoryW
MoveFileExW
DeleteFileW
FindFirstFileExW
CreateDirectoryW
FindClose
FindNextFileW
ReleaseMutex
HeapReAlloc
GetSystemTimePreciseAsFileTime
QueryPerformanceFrequency
GetProcessId
TerminateProcess
GetExitCodeProcess
SleepEx
WriteFileEx
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
GetCurrentProcessId
SetFilePointerEx
LoadLibraryExW
GetEnvironmentVariableW
GetStdHandle
GetConsoleMode
GetFileInformationByHandleEx
DuplicateHandle
GetCurrentProcess
SetFileInformationByHandle
Sleep
CreatePipe
GetCommandLineW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
SetThreadStackGuarantee
WaitForSingleObject
CreateEventW
FreeLibrary
LoadLibraryExA
AddVectoredExceptionHandler
GetNativeSystemInfo
CompareStringOrdinal
FreeEnvironmentStringsW
GetSystemInfo
GetProcAddress
GetModuleHandleA
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
lstrlenW
GetFileInformationByHandle
SetFileCompletionNotificationModes
ReleaseSemaphore
GetQueuedCompletionStatusEx
TlsFree
GetOverlappedResult
ReadFile
CreateIoCompletionPort
PostQueuedCompletionStatus
SetHandleInformation

user32

CreateMenu
GetDC
SetMenuItemInfoW
CloseClipboard
GetKeyboardLayout
CreateIcon
UnregisterHotKey
RegisterHotKey
VkKeyScanW
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
GetKeyboardState
GetRawInputData
IsProcessDPIAware
AppendMenuW
CreateAcceleratorTableW
SendInput
SetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
MonitorFromPoint
EnumDisplayMonitors
PostQuitMessage
IsWindowVisible
AdjustWindowRectEx
GetWindowRect
CheckMenuItem
GetWindowLongPtrW
SetWindowDisplayAffinity
GetMenu
ToUnicodeEx
ShowCursor
ClipCursor
GetClipCursor
RegisterClipboardFormatW
EnableMenuItem
GetClipboardData
GetSystemMenu
ShowWindow
SetClipboardData
IsClipboardFormatAvailable
RedrawWindow
SetWindowLongW
GetClientRect
SendMessageW
SetMenu
GetActiveWindow
DestroyIcon
DestroyAcceleratorTable
SetCapture
SetWindowLongPtrW
GetMessageA
OpenClipboard
SystemParametersInfoA
PostMessageW
EmptyClipboard
DispatchMessageA
IsIconic
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
FlashWindowEx
DefWindowProcW
TranslateAcceleratorW
GetAncestor
GetMessageW
MapVirtualKeyW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
GetForegroundWindow
ScreenToClient
GetWindowLongW
RegisterWindowMessageA
RegisterClassExW
ClientToScreen
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
EnumChildWindows
SetCursorPos
InvalidateRgn
ReleaseCapture
DispatchMessageW
TranslateMessage
GetUpdateRect
PeekMessageW
PostThreadMessageW
ValidateRect
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
SetCursor
LoadCursorW
CloseTouchInputHandle
GetTouchInputInfo
DestroyWindow
TrackMouseEvent
MonitorFromRect

ole32

CreateStreamOnHGlobal
OleInitialize
RegisterDragDrop
CoTaskMemFree
CoIncrementMTAUsage
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoInitializeEx
RevokeDragDrop

shell32

SHCreateItemFromParsingName
SHGetKnownFolderPath
DragFinish
SHAppBarMessage
ShellExecuteW
DragQueryFileW

comctl32

SetWindowSubclass
DefSubclassProc
RemoveWindowSubclass
TaskDialogIndirect

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

ws2_32

ioctlsocket
connect
closesocket
WSAIoctl
bind
getsockopt
WSASocketW
setsockopt
getpeername
getaddrinfo
getsockname
WSAGetLastError
freeaddrinfo
WSAStartup
WSACleanup
WSASend
send
recv
shutdown
listen

advapi32

RegOpenKeyExW
ImpersonateAnonymousToken
RegCloseKey
RevertToSelf
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW
SystemFunction036
RegQueryValueExW

secur32

DeleteSecurityContext
QueryContextAttributesW
EncryptMessage
AcceptSecurityContext
FreeContextBuffer
AcquireCredentialsHandleA
FreeCredentialsHandle
DecryptMessage
ApplyControlToken
InitializeSecurityContextW

crypt32

CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertDuplicateStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertDuplicateCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateChain

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

oleaut32

SysStringLen
SysFreeString
GetErrorInfo
SetErrorInfo

uxtheme

SetWindowTheme

ntdll

NtDeviceIoControlFile
RtlGetVersion
NtCancelIoFileEx
NtOpenFile
NtWriteFile
NtReadFile
RtlNtStatusToDosError
NtCreateFile

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

floor
trunc
round
__setusermatherr
pow

api-ms-win-crt-string-l1-1-0

wcsncmp
strcpy_s
_wcsicmp
strlen
wcslen

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_cexit
_c_exit
_configure_narrow_argv
_initialize_onexit_table
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
abort
exit
terminate
_register_onexit_function
_exit
_crt_atexit
__p___argc
strerror
__p___argv

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_callnewh
free
calloc
malloc
_set_new_mode

Sections

.text
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 425KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba474356239b6f2b92795531cf27ca06

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

kernel32

user32

ole32

shell32

comctl32

gdi32

dwmapi

ws2_32

advapi32

secur32

crypt32

api-ms-win-core-winrt-l1-1-0

oleaut32

uxtheme

ntdll

bcrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 7.5MB - Virtual size: 7.5MB

.rdata Size: 4.2MB - Virtual size: 4.2MB

.data Size: 21KB - Virtual size: 32KB

.pdata Size: 425KB - Virtual size: 424KB

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 46KB - Virtual size: 45KB

.text
Size: 7.5MB - Virtual size: 7.5MB

.rdata
Size: 4.2MB - Virtual size: 4.2MB

.data
Size: 21KB - Virtual size: 32KB

.pdata
Size: 425KB - Virtual size: 424KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 46KB - Virtual size: 45KB