2024-02-12_4ca68e964fc191f799b0960513eff34b_cobalt-strike_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-12_4ca68e964fc191f799b0960513eff34b_cobalt-strike_magniber
Size

993KB
MD5

4ca68e964fc191f799b0960513eff34b
SHA1

2193ed36f8d69a7f90e898c37d246a7b4b592495
SHA256

956595f1ef3c89edb94316b1cc536b107277246733a5563a64f4931a259fb15d
SHA512

a0e02824c313d59312518958f181b031f89ac9ee7dade999233582e1c9e056ae892b342943cfed3556eee1a204e3271f5537926f1723444a3b1b2c91fde175d2
SSDEEP

24576:YkMV8+JYM7QWalbFcyVijnb1L/rEmu+r664:YP8+uJiB/rEOr66

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-12_4ca68e964fc191f799b0960513eff34b_cobalt-strike_magniber

Files

2024-02-12_4ca68e964fc191f799b0960513eff34b_cobalt-strike_magniber
.exe windows:6 windows x86 arch:x86

f2a6ac2e243c729018d8d1afd5fbba39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\joker\Projects\Rscipt\Release\RScript.pdb

Imports

kernel32

Sleep
IsDBCSLeadByteEx
OpenMutexA
GetLocalTime
GetSystemTime
CreateMutexA
ReleaseMutex
FindFirstFileA
GetCommandLineA
GetTickCount
ReadFile
CreateEventA
WaitForSingleObject
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetModuleHandleA
lstrlenA
lstrcmpA
LoadLibraryA
GetProcAddress
FreeLibrary
CloseHandle
WriteFile
WriteConsoleW
CreateFileW
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapSize
GetStringTypeW
SetStdHandle
OutputDebugStringW
SetConsoleCtrlHandler
GetFileType
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
CreateFileA
lstrcmpiA
lstrcatA
lstrcpyA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetVersionExA
CreateDirectoryA
DeleteFileA
FindClose
GetDiskFreeSpaceA
GetDriveTypeA
GetFileAttributesA
GetFullPathNameA
RemoveDirectoryA
GetVolumeInformationA
SetErrorMode
GetModuleFileNameA
MultiByteToWideChar
GetFileSize
SetFilePointer
GetCurrentThreadId
SetThreadPriority
WaitForMultipleObjects
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetCurrentThread
HeapFree
HeapAlloc
DecodePointer
HeapReAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExW
FindNextFileW

user32

PostMessageA
wsprintfA
ShowWindow
DestroyWindow
CallWindowProcA
RegisterClassExA
GetWindowLongA
SetWindowLongA
LoadCursorA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
WaitMessage
SetWindowPos
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetMenu
GetWindowRect
AdjustWindowRectEx
FillRect
GetDesktopWindow
SetFocus
EnableWindow
DrawTextA
UpdateWindow
InvalidateRect
GetClientRect
GetWindow
PostQuitMessage
SetWindowRgn
GetWindowRgn
PostThreadMessageA
GetForegroundWindow
MsgWaitForMultipleObjects
LoadIconA
ChangeDisplaySettingsA
SetRect
EndPaint
BeginPaint
ScreenToClient
GetCursorPos
MessageBoxA
ReleaseDC
GetDC
SetCursor
ShowCursor
DefWindowProcA
SendMessageA

gdi32

RemoveFontResourceExA
CreateRectRgn
CreateDIBitmap
GetTextExtentPoint32A
GetStockObject
BitBlt
CreateDIBSection
GetDeviceCaps
DeleteObject
CreateFontA
CreateCompatibleDC
CreateDCA
CreateSolidBrush
DeleteDC
SelectObject
StretchBlt
GdiFlush
EnumFontFamiliesExA
GetGlyphOutlineA
AddFontResourceExA
TextOutA
GetTextMetricsA
SetBkMode
SetTextColor
ExtCreateRegion

msacm32

acmDriverRemove
acmDriverEnum
acmDriverOpen
acmDriverClose
acmFormatSuggest
acmStreamOpen
acmStreamClose
acmStreamSize
acmDriverAddA
acmStreamReset
acmStreamConvert
acmStreamPrepareHeader
acmStreamUnprepareHeader

winmm

timeSetEvent
timeKillEvent
timeGetTime
timeGetDevCaps
timeBeginPeriod
timeEndPeriod
mciSendCommandA

imm32

ImmReleaseContext
ImmSetOpenStatus
ImmGetContext

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetPathFromIDListA
SHGetFolderPathA

ole32

CoCreateInstance
CoTaskMemFree
CoInitialize
CoUninitialize

Exports

Exports

??1CMath@@QAE@XZ
??4CLim@@QAEAAV0@ABV0@@Z
??4CMath@@QAEAAV0@ABV0@@Z
?AddAlpha@CMath@@SAKKKG@Z
?AddAlphaRev@CMath@@SAKKKG@Z
?Blend@CMath@@SAKKK@Z
?DelAlpha@CMath@@SAKKKG@Z
?GetBlackColor@CMath@@SAKKG@Z
?GetBlackTable@CMath@@SAPBEE@Z
?GetCosTable@CMath@@SAPBHXZ
?GetEmbosTable@CMath@@SAPBEE@Z
?GetSinTable@CMath@@SAPBHXZ
?GetWhiteColor@CMath@@SAKKG@Z
?GetWhiteTable@CMath@@SAPBEE@Z
?Init@CMath@@SAXXZ
?m_fInit@CMath@@0HA
?m_pCosTable@CMath@@0PAHA
?m_pSinTable@CMath@@0PAHA
?m_ppAddTable@CMath@@0PAY0BAA@EA
?m_ppDelTable@CMath@@0PAY0BAA@EA

Sections

.text
Size: 794KB - Virtual size: 794KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2a6ac2e243c729018d8d1afd5fbba39

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msacm32

winmm

imm32

version

shell32

ole32

Exports

Exports

Sections

.text Size: 794KB - Virtual size: 794KB

.rdata Size: 137KB - Virtual size: 136KB

.data Size: 8KB - Virtual size: 300KB

.rsrc Size: 52KB - Virtual size: 52KB

.text
Size: 794KB - Virtual size: 794KB

.rdata
Size: 137KB - Virtual size: 136KB

.data
Size: 8KB - Virtual size: 300KB

.rsrc
Size: 52KB - Virtual size: 52KB