General
Target: 2024-04-23_e1f12fc65552ebcd26542e8bf3f985b8_cobalt-strike_magniber
Size: 2.0MB
Sample: 240423-wmma9sae56
MD5: e1f12fc65552ebcd26542e8bf3f985b8
SHA1: eee4e3f34247e50a8dacce6e15ca605983abdfc0
SHA256: 0a11849292307d1833c857ca39eb21deb2af5aa1d1a0228e8bd6797b46c6cb47
SHA512: a84cc25c036fc7cb24696862cf3e5259c58b2e211fc8f1b580c808be4cd2c58938cc737b43b49cf588928b319447fe44c1ab39b4f4973c499f830f49bdab321f
SSDEEP: 49152:t/7sIyhWajeDefr8VlaQnBllYb20+1k+1cAzS+vc:t/KWacVYQBllYW
Behavioral task: behavioral1
Sample: 2024-04-23_e1f12fc65552ebcd26542e8bf3f985b8_cobalt-strike_magniber.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 2024-04-23_e1f12fc65552ebcd26542e8bf3f985b8_cobalt-strike_magniber.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted: metasploit
windows/reverse_tcp 192.168.222.129:1734
Targets
Target: 2024-04-23_e1f12fc65552ebcd26542e8bf3f985b8_cobalt-strike_magniber
Size: 2.0MB
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.