cobaltstrike | veil[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

veil.exe

windows7-x64

1

veil.exe

windows10-2004-x64

1

Resubmissions

20/07/2023, 06:46

230720-hjsrzsdg6z 10

03/12/2022, 00:14

221203-ajgqqabh4w 10

Sharing

Copy URL Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

veil.exe

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

veil.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

veil.exe
Size

946KB
MD5

cbd633afbc4244acfe5e734ce523cb05
SHA1

3b4e04ee71c8d1fbab6675e27a2110326482e82f
SHA256

b3c227df9bf16d3125ebd6197cc288138667d451032d5e521d7b938e82792ef6
SHA512

0ffccacc1ba235ab1ffe26de99eafd8d43d25e427e3614f60702e8c9d3b4bcfe23b15dcb02c41b48c6bb067dd0e0e2a7001d8ed0cde5520475bb4b6689086fc3
SSDEEP

12288:IqwJzxGsOFdVFU+eEtt24m12QVlrStSdLpY5+7ObLwJl1X:1wJVOFZU+eEtg128ln1pLiO

Score

10^/10

cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

C2

http://10.0.0.36:120/PxNG

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; Avant Browser)

Signatures

Cobaltstrike family
cobaltstrike

Files

veil.exe
.exe windows x86

0d6b2433b9af4c1382ad94472120d6be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

winmm

timeBeginPeriod

ws2_32

WSAGetOverlappedResult

ntdll

NtWaitForSingleObject

advapi32

CryptReleaseContext
CryptGenRandom
CryptAcquireContextW

kernel32

WriteFile
WriteConsoleW
WaitForSingleObject
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetThreadPriority
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
LoadLibraryA
LoadLibraryW
GetThreadContext
GetSystemInfo
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerA
CreateThread
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 933KB - Virtual size: 933KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy