H:\pub_g414\rc_bug_mas_v12_2502\Build\Release\WPSOffice\office6\KSOXMLED.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2025-05-17_5d2461d5fe1fa4014168c5fcc6a4a061_amadey_black-basta_cobalt-strike_elex_hellokitty_hijackloader_luca-stealer.exe
Resource
win10v2004-20250502-en
General
-
Target
2025-05-17_5d2461d5fe1fa4014168c5fcc6a4a061_amadey_black-basta_cobalt-strike_elex_hellokitty_hijackloader_luca-stealer
-
Size
160KB
-
MD5
5d2461d5fe1fa4014168c5fcc6a4a061
-
SHA1
769179b32d5eca86e665bcb528ea96b32bb0891f
-
SHA256
1fd4c3a0e89618d9fde9f4d4e45a66d7322dd10230c8a53bf6ffe5a8fea35dde
-
SHA512
cb94bc6392c83ddf1eaeaaebc7824550905b7058f5cdad16ffab833d0a28a029df4f5a965fc26cf323a4a676beca5c35dedd755030687bc7f0da01c4c2a0797e
-
SSDEEP
3072:C1C3fALRhXnEAriW2vCSsLjzYymBOEMhZvIOZz5Uki4Ya71OCtTdU2qRH4Mp+vW:CmYLzFrPqsqBUnw4bOHjHp+u
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2025-05-17_5d2461d5fe1fa4014168c5fcc6a4a061_amadey_black-basta_cobalt-strike_elex_hellokitty_hijackloader_luca-stealer
Files
-
2025-05-17_5d2461d5fe1fa4014168c5fcc6a4a061_amadey_black-basta_cobalt-strike_elex_hellokitty_hijackloader_luca-stealer.exe windows:5 windows x86 arch:x86
e726d61f31542bed2c5db80599c2ab87
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetCommandLineW
LocalFree
GetModuleFileNameW
CreateFileW
ReadFile
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryW
DecodePointer
RaiseException
GetLastError
GetSystemInfo
VirtualProtect
VirtualQuery
GetModuleHandleW
LoadLibraryExA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetFileAttributesExW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
LCMapStringW
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
WriteConsoleW
Sections
.text Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.zero Size: 4KB - Virtual size: 3KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ