E:\Jenkins\jobs\DesktopAssistant_desktopmainframe\workspace\bin\x64\Release\Beginner.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2025-05-14_a37cbc4ec0e61a89ec927204c668172b_black-basta_cobalt-strike_hijackloader_satacom.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
2025-05-14_a37cbc4ec0e61a89ec927204c668172b_black-basta_cobalt-strike_hijackloader_satacom.exe
Resource
win11-20250502-en
General
-
Target
2025-05-14_a37cbc4ec0e61a89ec927204c668172b_black-basta_cobalt-strike_hijackloader_satacom
-
Size
602KB
-
MD5
a37cbc4ec0e61a89ec927204c668172b
-
SHA1
5dcca7e84e5a3eac0f3fb36fddb56ec253318bea
-
SHA256
f20bb5dc0da8e3df5e599a5d80df1471f7fefedc658e76918259ff270c60cbaf
-
SHA512
97abf0954b600c30013948df3cf4f3edfd7403b21c37c307674611e5537856d9d110da73c0eade617a5845c5e1f625300b00801a27fc9d16023fc50b0ed92adc
-
SSDEEP
6144:2ra8CsgVnZm5b8CuQab6whSj7h3lFMgzYPohw2TrVR9+LeqVwJ1DNibh+Zw1:2e3nZm5fg64S/ugzYPoO2rEtVwrpi4q
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2025-05-14_a37cbc4ec0e61a89ec927204c668172b_black-basta_cobalt-strike_hijackloader_satacom
Files
-
2025-05-14_a37cbc4ec0e61a89ec927204c668172b_black-basta_cobalt-strike_hijackloader_satacom.exe windows:6 windows x64 arch:x64
d905160225c98684f52ae605cb8d6ef7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
GetLocalTime
VirtualQuery
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FindResourceExW
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
LockResource
SizeofResource
FindResourceW
LoadLibraryW
LocalFree
GetPrivateProfileIntW
GetPrivateProfileStringW
WTSGetActiveConsoleSessionId
MultiByteToWideChar
WideCharToMultiByte
WriteConsoleW
SetConsoleTextAttribute
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
LCMapStringEx
OpenProcess
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetProcessId
ProcessIdToSessionId
GetCurrentThreadId
GetExitCodeProcess
GetCurrentProcessId
GetCurrentProcess
CreateMutexW
WaitForSingleObject
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
CloseHandle
DecodePointer
OutputDebugStringW
GetTempPathW
WriteFile
SetFilePointer
GetFileSizeEx
GetFileSize
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetFilePointerEx
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
GetFileAttributesW
DeleteFileW
CreateFileW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetCommandLineW
GetStdHandle
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
QueryPerformanceCounter
GetSystemTimeAsFileTime
IsDebuggerPresent
RaiseException
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
FlsAlloc
user32
ShowWindow
IsWindow
PostMessageW
GetWindowThreadProcessId
FindWindowW
advapi32
SetTokenInformation
SetThreadToken
OpenProcessToken
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
CreateRestrictedToken
DuplicateTokenEx
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclW
ConvertStringSidToSidW
RegGetValueW
RegOpenKeyExW
RegOpenCurrentUser
RegCloseKey
CreateProcessWithTokenW
LookupPrivilegeValueW
CreateProcessAsUserW
SetSecurityDescriptorDacl
SetFileSecurityW
RevertToSelf
IsWellKnownSid
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
GetTokenInformation
GetLengthSid
FreeSid
shell32
ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ole32
OleInitialize
OleUninitialize
oleaut32
SysAllocString
shlwapi
PathIsDirectoryW
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
wtsapi32
WTSEnumerateSessionsW
WTSEnumerateProcessesW
WTSFreeMemory
WTSQueryUserToken
wintrust
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
crypt32
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CryptMsgClose
Sections
.text Size: 269KB - Virtual size: 268KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 186KB - Virtual size: 185KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.zero Size: 8KB - Virtual size: 4KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ