strela | 2024-12-24_0a9d0453c82cb3b844a55b060c642f02_cobalt-strike_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-12-24_0a9d0453c82cb3b844a55b060c642f02_cobalt-strike_ryuk
Size

431KB
MD5

0a9d0453c82cb3b844a55b060c642f02
SHA1

0c259c22f9951714afa4574e0bf3d3d593f31654
SHA256

48211afd43defedfee988ddd61304c263713532df59354592930de28806d0fd5
SHA512

ae9c37f747ea01115660ec93af41a2a71170b2b4a8b46318bf49ae966b95cbb556e9e64e866b3e00b938729e4f38fa64f03d47e599390b853883e8d3ac3b352f
SSDEEP

12288:zlDT3p9hoBJ8zXzLbm0utC5TEy+M9korXq1CGciS:JSP8bzLV0UTxpmp

Score

10^/10

strela

Malware Config

Signatures

Detects Strela Stealer payload 1 IoCs

resource	yara_rule
sample	family_strela

Strela family
strela

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-12-24_0a9d0453c82cb3b844a55b060c642f02_cobalt-strike_ryuk

Files

2024-12-24_0a9d0453c82cb3b844a55b060c642f02_cobalt-strike_ryuk
.exe windows:6 windows x64 arch:x64

05ed3448ec65bce5f84b85b481ecbd11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
CreateFileA
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileA
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindFirstFileExW
FindNextFileA
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameA
GetConsoleMode
GetConsoleOutputCP
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileSize
GetFileType
GetLastError
GetLocaleInfoA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTempPathA
GetVolumeNameForVolumeMountPointA
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReadFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrlenA
lstrlenW

user32

GetKeyboardLayout
GetKeyboardLayoutList
MessageBoxA
ShowWindow
wsprintfA

shell32

SHGetFolderPathA
SHGetKnownFolderItem
ShellExecuteExA

advapi32

RegCloseKey
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA

ole32

CoInitialize
CoTaskMemFree

crypt32

CryptUnprotectData

shlwapi

PathFileExistsA
StrStrA

wininet

HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetReadFile

Sections

.text
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05ed3448ec65bce5f84b85b481ecbd11

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

advapi32

ole32

crypt32

shlwapi

wininet

Sections

.text Size: 374KB - Virtual size: 373KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 4KB

.00cfg Size: 512B - Virtual size: 56B

.gxfg Size: 4KB - Virtual size: 4KB

.retplne Size: 512B - Virtual size: 140B

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 512B - Virtual size: 424B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 374KB - Virtual size: 373KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 4KB

.00cfg
Size: 512B - Virtual size: 56B

.gxfg
Size: 4KB - Virtual size: 4KB

.retplne
Size: 512B - Virtual size: 140B

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 512B - Virtual size: 424B

.reloc
Size: 2KB - Virtual size: 1KB