2024-01-29_4aa9bc7f922af899d46b1fb63df29da0_cobalt-strike_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-29_4aa9bc7f922af899d46b1fb63df29da0_cobalt-strike_icedid
Size

650KB
MD5

4aa9bc7f922af899d46b1fb63df29da0
SHA1

dd7ba3c54a92d7cab7016840e25b1b2371851781
SHA256

8a511e426640680914fc6c9e5eea9ddbe84d952c7f44b83e7f90570f486aa3cd
SHA512

651b062eb10f01d3e046754e91fa9dcbb3c00b4ef75cf5d40d514feb2174d553c851e692758110191fbd0f97f42f46ae99e9a24ad9665e57354a7e1efc55dd3d
SSDEEP

12288:R8kJbdb28p5BVy49ewsB2Zmdsi2fg7Xpwwic9MZLIkH:XJrp5B+wsB2HDcwjc9MZU2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-29_4aa9bc7f922af899d46b1fb63df29da0_cobalt-strike_icedid

Files

2024-01-29_4aa9bc7f922af899d46b1fb63df29da0_cobalt-strike_icedid
.exe windows:6 windows x86 arch:x86

80aecb97c73f889e791e46e44c608663

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

N:\Source\ComTaskMaster\Release\CTskMstr.pdb

Imports

kernel32

GetSystemInfo
VirtualAlloc
VirtualQuery
HeapQueryInformation
GetCommandLineA
GetStdHandle
ExitProcess
GetFileType
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetTimeZoneInformation
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
WaitForSingleObjectEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualProtect
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileAttributesExW
GlobalFlags
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
EncodePointer
LoadLibraryA
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
lstrcmpA
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
LoadLibraryW
GetModuleHandleA
OutputDebugStringA
GetACP
OutputDebugStringW
GetModuleHandleExW
OpenProcess
TerminateProcess
LocalAlloc
GetTickCount
SetCriticalSectionSpinCount
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
FileTimeToSystemTime
GetComputerNameW
MoveFileExW
FormatMessageW
GetSystemDirectoryW
GetLocalTime
SetFileAttributesW
GetLongPathNameW
GetFileAttributesW
FileTimeToLocalFileTime
WriteFile
SetFilePointerEx
ReadFile
GetFileSizeEx
CreateFileW
GetCurrentProcessId
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineW
MultiByteToWideChar
lstrcmpiW
LocalFree
FindResourceW
SizeofResource
LockResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetCurrentThreadId
GetCurrentThread
CreateThread
GetCurrentProcess
Sleep
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RaiseException
CloseHandle
DecodePointer
RtlUnwind
WriteConsoleW

user32

MonitorFromWindow
WinHelpW
LoadIconW
CallNextHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxW
AdjustWindowRectEx
GetWindowRect
RemovePropW
GetPropW
SetPropW
GetMonitorInfoW
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetMenu
GetMenu
EnableWindow
GetCapture
GetKeyState
GetFocus
GetDlgCtrlID
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
IsWindowEnabled
SetWindowTextW
GetDC
ReleaseDC
DispatchMessageW
PostThreadMessageW
CharUpperW
CharNextW
GetSystemMetrics
PostMessageW
GetWindowLongW
GetWindowThreadProcessId
GetWindow
GetClientRect
SetRectEmpty
OffsetRect
GetParent
GetSubMenu
GetMenuItemID
GetMenuItemCount
UnhookWindowsHookEx
GetSysColorBrush
LoadCursorW
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
ClientToScreen
GetWindowTextW
RealChildWindowFromPoint
DestroyMenu
TranslateMessage
GetMessageW
LoadStringW
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
PostQuitMessage
SendMessageW
BeginDeferWindowPos
SetWindowPos
DestroyWindow
IsMenu
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
RegisterWindowMessageW
GetScrollPos

gdi32

ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
DeleteDC
GetDeviceCaps
SetBkColor
SetTextColor
CreateBitmap
DeleteObject
Escape
GetClipBox
GetStockObject
PtVisible
RectVisible
RestoreDC
SaveDC
SelectObject
SetMapMode

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

GetAclInformation
GetLengthSid
EqualSid
CopySid
AddAce
OpenThreadToken
OpenProcessToken
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSidLengthRequired
GetSidSubAuthority
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
IsValidSid
MakeAbsoluteSD
MakeSelfRelativeSD
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
LookupPrivilegeValueW
AdjustTokenPrivileges
QueryServiceStatusEx
DeleteService
CreateServiceW
ControlService
ChangeServiceConfig2W
ConvertSecurityDescriptorToStringSecurityDescriptorW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CloseEventLog
GetSecurityDescriptorControl

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW

ole32

OleRun
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CLSIDFromString
CoCreateInstance
CoInitializeSecurity
CoReleaseServerProcess
CoAddRefServerProcess
CoResumeClassObjects
CoRegisterClassObject
CoInitializeEx
CoUninitialize
CLSIDFromProgID
CoInitialize
CoTaskMemFree
CoRevokeClassObject

oleaut32

VariantInit
VariantChangeType
VariantClear
SysAllocString
CreateErrorInfo
GetErrorInfo
SetErrorInfo
VarUdateFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadRegTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysFreeString
LoadTypeLi
VarUI4FromStr
SysStringLen

userenv

UnloadUserProfile

clusapi

OpenCluster
CloseCluster
ClusterOpenEnum
ClusterEnum
ClusterCloseEnum
GetNodeClusterState

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80aecb97c73f889e791e46e44c608663

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

ole32

oleaut32

userenv

clusapi

version

oleacc

Sections

.text Size: 248KB - Virtual size: 247KB

.rdata Size: 78KB - Virtual size: 77KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 315KB - Virtual size: 314KB

.text
Size: 248KB - Virtual size: 247KB

.rdata
Size: 78KB - Virtual size: 77KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 315KB - Virtual size: 314KB