c:\constructicon\builds\gfx\three\22.40\drivers\2d\dal\eeu\atieah\build\wNow64a\B_rel\atieah64.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2025-05-19_1599a4a15f3601aa8be50d8a2cccc842_black-basta_cobalt-strike_hijackloader_satacom.exe
Resource
win10v2004-20250502-en
General
-
Target
2025-05-19_1599a4a15f3601aa8be50d8a2cccc842_black-basta_cobalt-strike_hijackloader_satacom
-
Size
521KB
-
MD5
1599a4a15f3601aa8be50d8a2cccc842
-
SHA1
de09981eb0304bd4efb5175c7d1c4852c2ea5222
-
SHA256
047a570eeb842c2bd38e7f4d405c5678afe1bd5d15347900e25a217ce06282b9
-
SHA512
8e432ac6195bfbcf10adcbf135345902b2e8feaee5a2c3cd73f839abf0f17a4c4d4f6b3b7df7fbd99c57c9f2d43588c04efca2e1f2d24d3e49ae80dd3fedc7b4
-
SSDEEP
6144:hnteDQkg+tV3/MD5AVU0a9KGb8Ai9+morPHsW7iy46ky2gs:ttwQsLEK6tnb8AC+mcsx/X
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2025-05-19_1599a4a15f3601aa8be50d8a2cccc842_black-basta_cobalt-strike_hijackloader_satacom
Files
-
2025-05-19_1599a4a15f3601aa8be50d8a2cccc842_black-basta_cobalt-strike_hijackloader_satacom.exe windows:6 windows x64 arch:x64
66dada15705df28186231b9e4de80b75
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
version
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW
kernel32
CreateFileW
ReadConsoleW
ExpandEnvironmentStringsA
GetFileAttributesA
CloseHandle
OpenProcess
QueryFullProcessImageNameW
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
WriteConsoleW
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
ReadFile
GetSystemTimeAsFileTime
TlsFree
GetLastError
ResumeThread
CreateProcessA
CreateProcessW
VirtualAllocEx
VirtualProtectEx
VirtualQueryEx
ReadProcessMemory
WriteProcessMemory
SetLastError
GetCurrentProcess
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
RtlUnwind
LoadLibraryExW
EncodePointer
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
TerminateProcess
GetModuleHandleExW
GetCurrentThread
WideCharToMultiByte
HeapFree
HeapAlloc
GetFileType
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTempPathW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetProcessHeap
SetConsoleCtrlHandler
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
advapi32
RegGetValueW
Sections
.text Size: 387KB - Virtual size: 387KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 77KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.zero Size: 8KB - Virtual size: 4KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ