2024-02-21_e42b01b7151e8fe3dc957d21de0669bc_bumblebee_cobalt-strike_magniber_pos

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-21_e42b01b7151e8fe3dc957d21de0669bc_bumblebee_cobalt-strike_magniber_pos
Size

24.8MB
MD5

e42b01b7151e8fe3dc957d21de0669bc
SHA1

2b4023009b87d41280b230949ea91866da7fedd1
SHA256

bb40ea48a01d956e9ffb0dec390ee303be49e1fe8d5fed3ffa6685520dfc4b57
SHA512

73ad8d4d31284a0a3efecde68cd7390abc42520fba784f1e2572a719fc392fb2b592bd972f15eed8cbb744e8cd6c5de42c3eaa14d6e6f912c809db771adca6e0
SSDEEP

393216:oDbIvq3XMc0IkkRT7LLgXSa3IlDf3CQLB4m/EfIx/4JQ:69cc0IkkR/LLgXNeNfSIxi

Score

10^/10

Malware Config

Signatures

Detects executables containing possible sandbox analysis VM usernames 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-21_e42b01b7151e8fe3dc957d21de0669bc_bumblebee_cobalt-strike_magniber_pos

Files

2024-02-21_e42b01b7151e8fe3dc957d21de0669bc_bumblebee_cobalt-strike_magniber_pos
.exe windows:5 windows x86 arch:x86

0b6964ad9dc05bd11f11d5be6edea765

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\build\ob\bora-1391583\vos3\thinstall\modules\boot_loader.pdb

Imports

ntdll

NtWriteVirtualMemory
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
NtProtectVirtualMemory
RtlSetDaclSecurityDescriptor
RtlAllocateAndInitializeSid
RtlLengthSid
RtlUnwind
RtlCreateAcl
RtlSetSaclSecurityDescriptor
RtlFreeSid
NtRaiseHardError
NtTerminateProcess
NtReadVirtualMemory
NtQueryVirtualMemory
NtOpenEvent
NtReleaseMutant
NtSetEvent
RtlFreeHeap
RtlAllocateHeap
RtlRaiseException
NtCreateMutant
NtQueryDirectoryFile
NtSetInformationFile
NtOpenSection
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
NtOpenDirectoryObject
NtQuerySystemInformation
NtQueryInformationProcess
RtlGetVersion
NtDelayExecution
NtDuplicateObject
NtOpenFile
NtQueryInformationFile
LdrLoadDll
NtCreateEvent
NtClearEvent
NtReadFile
NtWaitForSingleObject
LdrUnloadDll
NtQueryFullAttributesFile
NtCreateSection
NtMapViewOfSection
NtClose
NtUnmapViewOfSection
RtlQueryEnvironmentVariable_U
RtlMultiByteToUnicodeN
RtlCompareUnicodeString
RtlInitUnicodeString
LdrGetDllHandle
RtlInitAnsiString
LdrGetProcedureAddress
NtAllocateVirtualMemory
RtlNtStatusToDosError

kernel32

GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetFilePointer
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
WriteFile
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapFree
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
GetCommandLineA
GetCurrentThreadId
CreateFileA
FlushFileBuffers
VirtualQuery
WaitForSingleObject
SetLastError
FormatMessageW
LocalFree
GetModuleFileNameW
ExitProcess
GetCommandLineW
SetEnvironmentVariableW
GetLastError
GetModuleHandleW
CreateProcessW
DuplicateHandle
GetCurrentProcess
GetStartupInfoW
FindNextFileW
MoveFileExW
FindFirstFileW
DeleteFileW
CloseHandle
Sleep
MoveFileW
CopyFileW
GetFileAttributesW
GetEnvironmentVariableW
ExpandEnvironmentStringsW

user32

MessageBoxW
wsprintfW

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b6964ad9dc05bd11f11d5be6edea765

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

user32

Sections

.text Size: 85KB - Virtual size: 85KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 114KB - Virtual size: 114KB

.text
Size: 85KB - Virtual size: 85KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 114KB - Virtual size: 114KB