2024-04-16_2f54708dfce24168577bf426bfa87df2_cobalt-strike_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-16_2f54708dfce24168577bf426bfa87df2_cobalt-strike_magniber
Size

921KB
MD5

2f54708dfce24168577bf426bfa87df2
SHA1

f232ef1e3db1570e56ffacd62a6569f97049fb15
SHA256

3701568959df437af51f7f4044b703a94a632cc0b27469f05914fce4c8ca3dd5
SHA512

22c0e974f4bb98d2c6e145a310e08c2c31a2e9c62ac0288aca61a74c8974e276f6050051981d631d54b847033aed2988eaa0a0049cb6d8411c916bdc021f0c42
SSDEEP

24576:D/34NFIurx6KG8Yl8Fb1kA+zNWfoHPmtwEhC/16d:8zzSpBWfoH+twEhC/U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-16_2f54708dfce24168577bf426bfa87df2_cobalt-strike_magniber

Files

2024-04-16_2f54708dfce24168577bf426bfa87df2_cobalt-strike_magniber
.exe windows:5 windows x86 arch:x86

d87aa498a4ef3606f20f442e7dc5070f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\project\se\branches\11.0.1_Eaton\bin\release\SogouExplorerUP.pdb

Imports

kernel32

InterlockedExchange
SetEvent
WaitForSingleObject
CloseHandle
CreateEventW
GetProcAddress
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
GetTickCount
GetSystemTimeAsFileTime
CreateDirectoryW
DeleteFileW
CopyFileW
MoveFileW
FindClose
OutputDebugStringW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
MoveFileExW
CreateThread
GetLastError
TerminateThread
GetExitCodeThread
QueryPerformanceCounter
FreeLibrary
RaiseException
GetCurrentThreadId
SetLastError
InitializeCriticalSectionAndSpinCount
LoadResource
SizeofResource
lstrcmpiW
CreateMutexW
LoadLibraryExA
LoadLibraryExW
GetModuleHandleW
FindResourceW
GetSystemDirectoryA
SetCurrentDirectoryW
MultiByteToWideChar
DecodePointer
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
SetErrorMode
LoadLibraryW
CreateProcessW
WriteConsoleW
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
GetStringTypeW
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
GetSystemInfo
VirtualProtect
VirtualQuery
WideCharToMultiByte
GetVersionExW
CreateFileW
GetFileTime
SetFileTime
GetSystemDirectoryW
GetShortPathNameW
GetTempPathW
GetTempFileNameW
GetFileSize
ReadFile
GetFileAttributesW
WriteFile
ExpandEnvironmentStringsW
GetPrivateProfileStringW
GetDiskFreeSpaceExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
OpenProcess
ReadProcessMemory
InterlockedCompareExchange
GetCommandLineW
LocalAlloc
LocalFree
DeviceIoControl
GlobalAlloc
GlobalFree
CopyFileA
CreateFileA
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
FormatMessageW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
GetCurrentProcessId
RtlUnwind
InterlockedFlushSList
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetCurrentThread
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW

user32

GetWindowLongW
SetTimer
CallWindowProcW
PostQuitMessage
DefWindowProcW
LoadCursorW
SetWindowLongW
CharNextW
CreateWindowExW
GetClassInfoExW
IsCharAlphaNumericW
UnregisterClassW
DispatchMessageW
TranslateMessage
PostMessageW
PostThreadMessageW
PeekMessageW
GetMessageW
RegisterClassExW
GetLastInputInfo

Sections

.text
Size: 635KB - Virtual size: 635KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d87aa498a4ef3606f20f442e7dc5070f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 635KB - Virtual size: 635KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 92KB - Virtual size: 96KB

.text
Size: 635KB - Virtual size: 635KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 92KB - Virtual size: 96KB