2024-02-28_d46bda2db3939ad2944d0b1631782757_cobalt-strike_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-28_d46bda2db3939ad2944d0b1631782757_cobalt-strike_magniber
Size

505KB
MD5

d46bda2db3939ad2944d0b1631782757
SHA1

e2df38501765df8376910ed1851e4240a36f14d7
SHA256

48aad48a6a4c6e330307bf1c35d7c81d81173c7afd3100fd4417e0fb6e15d58d
SHA512

75f15a112794853ddcfc6802a3c3970256b749e7c7ba5e966de6e65c5a4b46ea135e153c026196ab2236ec3d5f420632e49a88c7884e747b4524a1c91d4fb7f9
SSDEEP

12288:caB2U30WmpYm25K4jrWEisiD1kFLp/ugbb9s+vcbhUiZd:caB24tmpREisiD1ijT0ld

Score

1^/10

Malware Config

Signatures

Files

2024-02-28_d46bda2db3939ad2944d0b1631782757_cobalt-strike_magniber
.exe windows:6 windows x86 arch:x86

b086f5a1f5c9f9dbb8478473aa0f4204

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

92:c5:c9:e7:15:e0:2b:42:49:41:6b:7e:f6:7a:ea:34
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

02/02/2023, 00:00

Not After

02/02/2024, 23:59

Subject

CN=Open Text Corporation,O=Open Text Corporation,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\workspace\leTake_Core.Windows_8.5.2release\SourceCode\Bin\Release\i386\Autorun.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetCurrentThreadId
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
LoadLibraryW
GlobalAlloc
GlobalUnlock
GlobalLock
MulDiv
lstrcmpW
lstrcmpiW
VerifyVersionInfoW
GetUserDefaultUILanguage
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
GetSystemInfo
GetExitCodeProcess
CreateProcessW
GetVersionExW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
IsWow64Process
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
GetStringTypeW
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
CreateEventW
WideCharToMultiByte
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
HeapReAlloc
HeapSize
GetCurrentThread
WriteFile
GetStdHandle
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RaiseException
CloseHandle
DecodePointer
FindFirstFileW
Sleep
FindClose
SetCurrentDirectoryW
GetCommandLineW
VerSetConditionMask
MultiByteToWideChar
ReadFile
ReadConsoleW
CreateFileW
FindFirstFileExW
WriteConsoleW

user32

LoadStringW
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
LoadStringA
PostThreadMessageW
DefWindowProcW
PostQuitMessage
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsWindow
IsChild
DestroyWindow
ShowWindow
GetWindowLongW
SetWindowLongW
GetDesktopWindow
GetParent
GetClassNameW
GetWindow
CheckMenuRadioItem
LoadCursorW
LoadImageW
PtInRect
MonitorFromPoint
GetMonitorInfoW
PostMessageW
DialogBoxParamW
EndDialog
SetDlgItemTextW
GetDlgItemTextW
GetActiveWindow
GetSystemMenu
MonitorFromWindow
SetCursor
SendMessageW
SetWindowPos
FillRect
GetSysColor
MapWindowPoints
ScreenToClient
ClientToScreen
MessageBeep
MessageBoxW
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
UpdateWindow
SetMenuDefaultItem
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenuEx
RemoveMenu
AppendMenuW
GetMenuItemCount
DestroyMenu
CreatePopupMenu
SetMenu
LoadMenuW
GetSystemMetrics
TranslateAcceleratorW
DestroyAcceleratorTable
CreateAcceleratorTableW
LoadAcceleratorsW
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem
MoveWindow

gdi32

GetObjectW
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap

advapi32

RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW

shell32

ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
DragQueryFileW

ole32

OleUninitialize
OleInitialize
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
StringFromCLSID
CoCreateInstance
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
CoUninitialize
CreateStreamOnHGlobal
ReleaseStgMedium
OleLockRunning
RegisterDragDrop
CLSIDFromString

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantInit
VariantClear
VariantCopy
SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect
UnRegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
RegisterTypeLi

shlwapi

PathRemoveFileSpecW
PathIsRelativeW
PathUnquoteSpacesW
PathFileExistsW
PathAppendW

comctl32

InitCommonControlsEx

Sections

.text
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b086f5a1f5c9f9dbb8478473aa0f4204

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

92:c5:c9:e7:15:e0:2b:42:49:41:6b:7e:f6:7a:ea:34Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 347KB - Virtual size: 346KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 65KB - Virtual size: 64KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

92:c5:c9:e7:15:e0:2b:42:49:41:6b:7e:f6:7a:ea:34
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

.text
Size: 347KB - Virtual size: 346KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 65KB - Virtual size: 64KB