2024-03-25_c1c016d4c8700539de8613bb24ded099_cobalt-strike_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-03-25_c1c016d4c8700539de8613bb24ded099_cobalt-strike_icedid
Size

686KB
MD5

c1c016d4c8700539de8613bb24ded099
SHA1

efb460b691c6d460b3960a5f1dc33b8abe1c1f0e
SHA256

9eed00bc2e3c9ac68a3eb7c95978f7b4d9db606af5635f9adf4610505ee230c5
SHA512

82c26baaef41af218804581455752619948babed65cce5ff69e99877688bd338f03d11755bee846907091ffb403cfe53eb5fb92efc187856b69ad8d01750ac4c
SSDEEP

12288:wBRxnqlRXW3psLJ/legGL7myTo4FJReN4rWUa5hyEq1r:yRkTxLJ/ogGL7Fo40lUaHyEq1r

Score

1^/10

Malware Config

Signatures

Files

2024-03-25_c1c016d4c8700539de8613bb24ded099_cobalt-strike_icedid
.exe windows:5 windows x86 arch:x86

6f86e8a35e3ced9921ccfc7189500ff4

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:40:05:f1:0b:2e:57:68:09:a7:d1:c2:86:60:28:45
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

06/02/2024, 14:52

Not After

02/02/2025, 09:32

Subject

CN=Open Source Developer\, Noriyuki Miyazaki,O=Open Source Developer,L=Sapporo,ST=Hokkaido,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:40:05:f1:0b:2e:57:68:09:a7:d1:c2:86:60:28:45
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

06/02/2024, 14:52

Not After

02/02/2025, 09:32

Subject

CN=Open Source Developer\, Noriyuki Miyazaki,O=Open Source Developer,L=Sapporo,ST=Hokkaido,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

80:d1:f7:a5:ff:ec:ef:57:15:2c:7d:9a:34:c4:04:f4:8a:0a:e3:cd:67:8a:41:7a:04:7c:54:5d:a1:dd:59:40
Signer

Actual PE Digest

80:d1:f7:a5:ff:ec:ef:57:15:2c:7d:9a:34:c4:04:f4:8a:0a:e3:cd:67:8a:41:7a:04:7c:54:5d:a1:dd:59:40

Digest Algorithm

sha256

PE Digest Matches

true

9c:46:c8:6d:07:07:19:35:1e:55:7c:08:69:18:54:dc:72:da:fc:43
Signer

Actual PE Digest

9c:46:c8:6d:07:07:19:35:1e:55:7c:08:69:18:54:dc:72:da:fc:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalReAlloc
GlobalFlags
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FileTimeToLocalFileTime
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetErrorMode
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
WriteConsoleW
GlobalReAlloc
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetTimeZoneInformation
GetConsoleMode
GetConsoleOutputCP
LCMapStringW
ExitProcess
GetStdHandle
GetFileType
SetStdHandle
HeapQueryInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
VirtualQuery
GetSystemInfo
RtlUnwind
OutputDebugStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
LocalAlloc
DuplicateHandle
UnlockFile
SetFilePointer
ReadFile
LockFile
GetFullPathNameW
GetFileSize
GlobalHandle
FlushFileBuffers
ResumeThread
SuspendThread
SetThreadPriority
CreateEventW
SetEvent
lstrcmpA
GetCurrentThread
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
LoadLibraryA
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
FormatMessageW
MulDiv
LocalFree
GlobalFree
LoadLibraryW
GetModuleHandleA
SetLastError
OutputDebugStringA
GetACP
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
HeapFree
GetTickCount
GlobalMemoryStatusEx
GetLogicalProcessorInformation
GetCurrentProcess
VerifyVersionInfoW
VerSetConditionMask
FindClose
FindNextFileW
FindFirstFileW
lstrcmpW
GetProcAddress
GetModuleHandleW
VirtualProtect
LoadLibraryExW
WaitForMultipleObjects
RemoveDirectoryW
DeleteFileW
VirtualFree
WriteFile
VirtualAlloc
DeviceIoControl
SetEndOfFile
SetFilePointerEx
CreateFileW
GetVersionExW
GetVolumeInformationW
CreateDirectoryW
GetDiskFreeSpaceExW
GetModuleFileNameW
Sleep
GetExitCodeProcess
WaitForSingleObject
CloseHandle
UnmapViewOfFile
CreateProcessW
MapViewOfFile
CreateFileMappingW
GetCurrentProcessId
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
WritePrivateProfileStringW
GlobalUnlock
GlobalLock
GlobalAlloc
GetLocalTime
GetPrivateProfileStringW
GetPrivateProfileIntW
GetWindowsDirectoryW
GetUserDefaultLCID
FindResourceW
LoadResource
LockResource
SizeofResource
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetStringTypeW

user32

GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxW
AdjustWindowRectEx
RemovePropW
GetPropW
GetScrollPos
RedrawWindow
ValidateRect
EndPaint
BeginPaint
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetKeyState
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetWindowPlacement
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
IsDialogMessageW
GetWindow
GetWindowTextW
SetWindowTextW
GetFocus
SetFocus
GetDlgCtrlID
SetWindowPos
MoveWindow
ShowWindow
PostQuitMessage
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
RegisterClipboardFormatW
GetMessageW
InvalidateRect
EnableWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetMenuItemID
GetParent
OffsetRect
SetRectEmpty
SendDlgItemMessageA
UnregisterClassW
FrameRect
PrintWindow
PtInRect
GetClassLongW
GetClassNameW
GetTopWindow
GetLastActivePopup
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
MonitorFromRect
RemoveMenu
AppendMenuW
WinHelpW
GetMonitorInfoW
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetWindowTextLengthW
LoadIconW
LoadAcceleratorsW
SendMessageW
SetForegroundWindow
GetWindowRect
GetClientRect
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
TranslateAcceleratorW
IsIconic
GetSystemMetrics
GetMenuItemCount
EnableMenuItem
ModifyMenuW
GetSubMenu
CheckMenuRadioItem
DrawMenuBar
WaitForInputIdle
GrayStringW
PostMessageW
CopyRect
wsprintfW
SetCursor
LoadCursorW
FillRect
SystemParametersInfoW
SetPropW
GetDC
ReleaseDC
MonitorFromWindow
SetWindowLongW
GetWindowLongW
TranslateMessage
GetCursorPos
GetWindowThreadProcessId
KillTimer
SetTimer
LoadBitmapW
CharUpperW
DrawTextW
DrawTextExW
PostThreadMessageW
RealChildWindowFromPoint
GetSysColorBrush
WindowFromPoint
DestroyMenu
ClientToScreen
TabbedTextOutW
GetDesktopWindow

gdi32

GetBkColor
CreatePatternBrush
GetPixel
SetBkColor
CreateBitmap
Escape
GetClipBox
GetStockObject
PtVisible
RectVisible
RestoreDC
SaveDC
SetBkMode
SetMapMode
GetTextColor
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateSolidBrush
CreateFontIndirectW
GetTextExtentPoint32W
SetTextColor
LineTo
MoveToEx
CreatePen
GetDeviceCaps
CreateCompatibleBitmap
SetBitmapBits
GetBitmapBits
GetObjectW
SetDIBColorTable
SelectObject
DeleteObject
BitBlt
CreateCompatibleDC
EnumFontFamiliesExW
CreateDIBSection
DeleteDC

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegQueryValueW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW

shell32

ShellExecuteW
SHAppBarMessage
ord680

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW

uxtheme

SetWindowTheme

ole32

CoInitialize
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoCreateGuid
CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString

oledlg

OleUIBusyW

gdiplus

GdipSetInterpolationMode
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipCreateBitmapFromFile
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdipDrawImageRectI
GdipCreateFromHDC
GdipGetImageEncoders
GdiplusShutdown
GdipFree
GdipAlloc
GdipDisposeImage
GdipGetImageGraphicsContext

wininet

HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetSetFilePointer
InternetWriteFile
InternetQueryDataAvailable
InternetGetLastResponseInfoW
InternetSetStatusCallbackW

winmm

mciSendCommandW
timeGetTime

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 405KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f86e8a35e3ced9921ccfc7189500ff4

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

2a:40:05:f1:0b:2e:57:68:09:a7:d1:c2:86:60:28:45Certificate

Extended Key Usages

Key Usages

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31Certificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

2a:40:05:f1:0b:2e:57:68:09:a7:d1:c2:86:60:28:45Certificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

80:d1:f7:a5:ff:ec:ef:57:15:2c:7d:9a:34:c4:04:f4:8a:0a:e3:cd:67:8a:41:7a:04:7c:54:5d:a1:dd:59:40Signer

9c:46:c8:6d:07:07:19:35:1e:55:7c:08:69:18:54:dc:72:da:fc:43Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

wininet

winmm

version

oleacc

Sections

.text Size: 405KB - Virtual size: 404KB

.rdata Size: 125KB - Virtual size: 124KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 127KB - Virtual size: 127KB

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

2a:40:05:f1:0b:2e:57:68:09:a7:d1:c2:86:60:28:45
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

2a:40:05:f1:0b:2e:57:68:09:a7:d1:c2:86:60:28:45
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

80:d1:f7:a5:ff:ec:ef:57:15:2c:7d:9a:34:c4:04:f4:8a:0a:e3:cd:67:8a:41:7a:04:7c:54:5d:a1:dd:59:40
Signer

9c:46:c8:6d:07:07:19:35:1e:55:7c:08:69:18:54:dc:72:da:fc:43
Signer

.text
Size: 405KB - Virtual size: 404KB

.rdata
Size: 125KB - Virtual size: 124KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 127KB - Virtual size: 127KB