2025-04-14_fcd6d51008ba9fd6961f4128351fd571_black-basta_cobalt-strike_poet-rat_satacom

Sharing

Copy URL

Twitter E-mail

General

Target

2025-04-14_fcd6d51008ba9fd6961f4128351fd571_black-basta_cobalt-strike_poet-rat_satacom
Size

1.8MB
MD5

fcd6d51008ba9fd6961f4128351fd571
SHA1

40b4ce6dde8c90b05243255a157580a3004e9e3d
SHA256

a1fba469a73ccc279b2dd1c97659d2989b6a37f5198d4ebba7352efbe213a21a
SHA512

b45e284882d2297d168beee679dd6d53abd149ffb6069e3aa64d5868efa6de94c41e7d955d82e3f80a7e2df664f2b7ba68b3ee7a160cb25d31f1dbf83577bb42
SSDEEP

24576:GlugEaxGdHHBoGzc4Qlj89+8NPvW8WEdNXBilrfSfdWJeE+CBfo31j8i61505PW:QuHaxGNhoGzjQeJdNohSfdWoExBe1L7E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-04-14_fcd6d51008ba9fd6961f4128351fd571_black-basta_cobalt-strike_poet-rat_satacom

Files

2025-04-14_fcd6d51008ba9fd6961f4128351fd571_black-basta_cobalt-strike_poet-rat_satacom
.exe windows:6 windows x64 arch:x64

0c760bb8aa60f4e61c67057dcc87a17b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExA
RegGetValueW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegCloseKey

kernel32

GetFileType
WriteConsoleW
RtlCaptureContext
ExpandEnvironmentStringsW
CloseHandle
SetUnhandledExceptionFilter
GetLastError
SetErrorMode
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetProcAddress
LoadLibraryW
SetConsoleCtrlHandler
GetStdHandle
GetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetDriveTypeW
GetFileAttributesW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetVolumePathNameW
ReadFile
SetFileInformationByHandle
SetFileTime
DuplicateHandle
SetLastError
Sleep
GetSystemInfo
GetSystemTime
VirtualQuery
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW
MoveFileExW
SystemTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineW
FindFirstFileW
GetLongPathNameW
GetProcessTimes
TerminateProcess
GetSystemTimeAsFileTime
GetNativeSystemInfo
GetModuleHandleW
GetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SearchPathW
WaitForSingleObject
GetExitCodeProcess
ResumeThread
CreateProcessW
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
LocalFree
SetProcessAffinityMask
FormatMessageA
K32GetProcessMemoryInfo
RaiseException
VirtualProtect
FreeLibrary
LoadLibraryExA
GetStringTypeW
QueryPerformanceCounter
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
SetStdHandle
SetFilePointerEx
WriteFile
GetCommandLineA
GetConsoleCP
HeapFree
HeapAlloc
HeapReAlloc
CompareStringW
LCMapStringW
GetProcessHeap
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
HeapSize

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zero
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c760bb8aa60f4e61c67057dcc87a17b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 274KB - Virtual size: 273KB

.data Size: 9KB - Virtual size: 24KB

.pdata Size: 60KB - Virtual size: 60KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.zero Size: 8KB - Virtual size: 4KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 274KB - Virtual size: 273KB

.data
Size: 9KB - Virtual size: 24KB

.pdata
Size: 60KB - Virtual size: 60KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

.zero
Size: 8KB - Virtual size: 4KB