metasploit | 2024-04-23_e1f12fc65552ebcd26542e8bf3f985b8_cobalt-strike_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-23_e1f12fc65552ebcd26542e8bf3f985b8_cobalt-strike_magniber
Size

2.0MB
MD5

e1f12fc65552ebcd26542e8bf3f985b8
SHA1

eee4e3f34247e50a8dacce6e15ca605983abdfc0
SHA256

0a11849292307d1833c857ca39eb21deb2af5aa1d1a0228e8bd6797b46c6cb47
SHA512

a84cc25c036fc7cb24696862cf3e5259c58b2e211fc8f1b580c808be4cd2c58938cc737b43b49cf588928b319447fe44c1ab39b4f4973c499f830f49bdab321f
SSDEEP

49152:t/7sIyhWajeDefr8VlaQnBllYb20+1k+1cAzS+vc:t/KWacVYQBllYW

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

192.168.222.129:1734

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-04-23_e1f12fc65552ebcd26542e8bf3f985b8_cobalt-strike_magniber

Files

2024-04-23_e1f12fc65552ebcd26542e8bf3f985b8_cobalt-strike_magniber
.exe windows:4 windows x86 arch:x86

31a77ed5e329ba19fdb07b4dafa4601f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameW
SetFileAttributesW
SetThreadPriority
GetCurrentThread
SetFilePointerEx
MoveFileExW
CreateMutexA
GetDynamicTimeZoneInformation
SystemTimeToFileTime
CopyFileW
GetSystemTime
LoadLibraryExA
FreeLibrary
GetTickCount64
QueryPerformanceCounter
GetDiskFreeSpaceExA
LocaleNameToLCID
WideCharToMultiByte
GlobalMemoryStatusEx
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
OutputDebugStringW
HeapDestroy
DecodePointer
GetOverlappedResult
GetCurrentDirectoryW
HeapAlloc
CreateThread
RaiseException
HeapReAlloc
Process32FirstW
QueryPerformanceFrequency
LoadLibraryA
GetDiskFreeSpaceExW
Process32NextW
FormatMessageW
ProcessIdToSessionId
MultiByteToWideChar
CreateEventW
CreateToolhelp32Snapshot
HeapSize
OpenProcess
GetModuleHandleA
ReleaseMutex
GetVersionExW
GetLocaleInfoW
InitializeCriticalSectionEx
CreateMutexW
GetTempPathW
SetFilePointer
GetUserDefaultUILanguage
GetLocaleInfoEx
GetModuleFileNameW
RemoveDirectoryW
TerminateProcess
GetSystemDefaultUILanguage
GetStdHandle
HeapFree
GetFileSizeEx
ReadFile
CreateDirectoryW
GetExitCodeProcess
GetModuleHandleW
CreateProcessW
GetProcAddress
GetWindowsDirectoryW
LoadLibraryW
CloseHandle
DeleteFileW
GetLastError
Sleep
GetCurrentThreadId
CreateFileW
WaitForSingleObject
WriteFile
GetCurrentProcess
GetExitCodeThread
GetCommandLineW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
ExitProcess
SetStdHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
SetLastError
GetThreadTimes
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
FormatMessageA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
WaitForSingleObjectEx
SwitchToThread
GetNativeSystemInfo
LocalFree
GetStringTypeW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
AreFileApisANSI
GetFileInformationByHandleEx
GetSystemTimeAsFileTime
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FreeLibraryAndExitThread
LoadLibraryExW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedPushEntrySList
VirtualAlloc
VirtualProtect
RtlUnwind
ExitThread
GetFileType
WriteConsoleW
GetSystemInfo
VirtualQuery

user32

PostMessageW
ShowWindow
EnumWindows
IsIconic
GetWindowTextW
EndPaint
BeginPaint
GetCursorPos
ReleaseDC
GetWindowThreadProcessId
ReleaseCapture
UpdateWindow
SystemParametersInfoW
PostQuitMessage
DrawIconEx
DrawTextW
UpdateLayeredWindow
SetCapture
LoadCursorW
TranslateMessage
TrackMouseEvent
MessageBoxExW
SetTimer
PeekMessageW
RegisterClassExW
GetSystemMetrics
GetIconInfo
CreateWindowExW
SetWindowPos
GetDC
DefWindowProcW
GetWindowRect
FindWindowW
SetForegroundWindow
InvalidateRect
DispatchMessageW

comdlg32

GetSaveFileNameW

advapi32

AccessCheck
GetSecurityDescriptorOwner
GetFileSecurityW
DuplicateToken
MapGenericMask
GetTokenInformation
RegQueryValueExW
LookupAccountSidW
GetUserNameW
GetLengthSid
RegOpenKeyExW
CheckTokenMembership
FreeSid
RegCreateKeyExW
RegSetValueExW
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
EqualSid
GetSidSubAuthorityCount
GetSecurityDescriptorDacl
AllocateAndInitializeSid
GetSidSubAuthority
GetSidLengthRequired
CopySid
InitializeSid
IsValidSid
OpenProcessToken

shell32

ShellExecuteExW
ShellExecuteA
SHParseDisplayName
SHGetFolderPathW
SHCreateShellItem
CommandLineToArgvW

ole32

CoCreateGuid
CoInitializeEx
StringFromCLSID
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

winhttp

WinHttpOpen
WinHttpConnect
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

userenv

UnloadUserProfile

rpcrt4

UuidCreate

msimg32

AlphaBlend

gdi32

GdiFlush
CreateCompatibleDC
DeleteDC
TextOutW
CreateDIBitmap
CreateFontW
StretchBlt
CreateDIBSection
SelectObject
CreateCompatibleBitmap
BitBlt
GetTextExtentPoint32W
SetTextColor
SetBkMode
CreatePen
Rectangle
GetObjectW
SetStretchBltMode
DeleteObject
RoundRect
CreateSolidBrush

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 118KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

31a77ed5e329ba19fdb07b4dafa4601f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

shell32

ole32

winhttp

version

userenv

rpcrt4

msimg32

gdi32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 300KB - Virtual size: 299KB

.data Size: 118KB - Virtual size: 154KB

.rsrc Size: 55KB - Virtual size: 54KB

.reloc Size: 80KB - Virtual size: 80KB

.text Size: 512B - Virtual size: 464B

.idata Size: 7KB - Virtual size: 6KB

.rsrc Size: 55KB - Virtual size: 54KB

.reloc Size: 80KB - Virtual size: 80KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 300KB - Virtual size: 299KB

.data
Size: 118KB - Virtual size: 154KB

.rsrc
Size: 55KB - Virtual size: 54KB

.reloc
Size: 80KB - Virtual size: 80KB

.text
Size: 512B - Virtual size: 464B

.idata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 55KB - Virtual size: 54KB

.reloc
Size: 80KB - Virtual size: 80KB