2024-04-30_c9bd6f2b54b634f321de96072a82678f_cobalt-strike_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-30_c9bd6f2b54b634f321de96072a82678f_cobalt-strike_mafia
Size

842KB
MD5

c9bd6f2b54b634f321de96072a82678f
SHA1

b50199327bcc68dffd4791e7fa898ff0a2ba754a
SHA256

503268759d709b63b880615216ec664b3a8f936bfaafff40db25746f693a0885
SHA512

aad953c477653bef54a88eebe78c8efe4aad684b3a705bbc685a0585838297c8da5226fcad6ba7e941cbcc9ca44d63d35d1fc8c696aa854aef0951b8123b0bff
SSDEEP

12288:TOb+hq19B9Lcji+/j7O8Ts+t53mQJd5UXH1eQMBwTHdjE8m/Tymp1ormD:k97sji+r7JTjt53dUXH1egT9jEl/Tln

Score

1^/10

Malware Config

Signatures

Files

2024-04-30_c9bd6f2b54b634f321de96072a82678f_cobalt-strike_mafia
.exe windows:5 windows x86 arch:x86

2e3faf10402c4ae7f8bd8344ec3d60b1

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:80:d7:c7:be:f6:2f:4e:f0:49:31:63:36:61:10:c9
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

04/09/2020, 00:00

Not After

04/09/2021, 23:59

Subject

CN=重庆市槐华商务咨询有限公司,O=重庆市槐华商务咨询有限公司,POSTALCODE=400056,STREET=（重庆工程学院创新创业园）1-110+STREET=巴南区南泉白鹤林16号6幢,L=重庆市,ST=Chongqing Shi,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:80:d7:c7:be:f6:2f:4e:f0:49:31:63:36:61:10:c9
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

04/09/2020, 00:00

Not After

04/09/2021, 23:59

Subject

CN=重庆市槐华商务咨询有限公司,O=重庆市槐华商务咨询有限公司,POSTALCODE=400056,STREET=（重庆工程学院创新创业园）1-110+STREET=巴南区南泉白鹤林16号6幢,L=重庆市,ST=Chongqing Shi,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:95:b5:7c:4e:72:22:de:a8:96:32:2f:b2:cc:85:90:56:ec:55:70:57:0a:cc:d8:b6:fd:38:1b:52:c6:0f:7d
Signer

Actual PE Digest

74:95:b5:7c:4e:72:22:de:a8:96:32:2f:b2:cc:85:90:56:ec:55:70:57:0a:cc:d8:b6:fd:38:1b:52:c6:0f:7d

Digest Algorithm

sha256

PE Digest Matches

false

16:97:02:3b:08:c1:55:b2:73:f0:ff:04:59:a0:2a:ca:e8:d1:44:38
Signer

Actual PE Digest

16:97:02:3b:08:c1:55:b2:73:f0:ff:04:59:a0:2a:ca:e8:d1:44:38

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\MyNewSoftProjects\Projects\DirRecord\Release\GifRecord.pdb

Imports

winmm

timeGetTime

kernel32

EnumResourceNamesA
EnumResourceTypesA
SetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetSystemInfo
GetProcAddress
LoadLibraryW
GetModuleHandleA
GetModuleFileNameA
GetCurrentProcess
GetFileAttributesA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
DeleteFileA
CreateDirectoryA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateEventA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
ResetEvent
GetOverlappedResult
FreeResource
GetCurrentProcessId
GetCurrentThreadId
SetCurrentDirectoryA
SetCurrentDirectoryW
RemoveDirectoryA
RemoveDirectoryW
CreateDirectoryW
MoveFileA
MoveFileW
CopyFileA
CopyFileW
GetModuleFileNameW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCommandLineW
GetComputerNameA
GetComputerNameW
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileStringA
GetPrivateProfileStringW
WritePrivateProfileStringA
WritePrivateProfileStringW
GetPrivateProfileStructA
GetPrivateProfileStructW
WritePrivateProfileStructA
WritePrivateProfileStructW
CreateProcessA
CreateProcessW
GetFileInformationByHandle
GetFullPathNameA
GetTimeZoneInformation
HeapSize
GetLocaleInfoW
CreateMutexW
GetOEMCP
GetACP
EnumResourceLanguagesA
FatalAppExitA
ExitProcess
GetStdHandle
SetHandleCount
HeapDestroy
HeapCreate
GetConsoleMode
GetConsoleCP
GetFileType
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetCurrentThread
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
FindFirstFileExW
GetDriveTypeW
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
HeapReAlloc
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
RaiseException
RtlUnwind
InterlockedCompareExchange
DecodePointer
EncodePointer
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
CreateThread
DeleteFileW
CreateFileA
GetFullPathNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
WriteConsoleW
SetEndOfFile
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
LocalFree
lstrlenW
SetFilePointer
CloseHandle
BeginUpdateResourceA
LoadLibraryA
FindResourceA
FreeLibrary
SizeofResource
LoadResource
LockResource
BeginUpdateResourceW
EndUpdateResourceA
UpdateResourceA
ReleaseMutex
FlushFileBuffers
WaitForSingleObject
ReadFile
WriteFile
GetLastError
CreateFileW
GetFileSize
GetCommandLineA
Sleep
IsValidCodePage
PeekNamedPipe

user32

SetWindowRgn
InvalidateRect
GetCursorPos
PtInRect
GetDC
ReleaseDC
DialogBoxParamA
UnregisterHotKey
RegisterHotKey
LoadIconA
SetClassLongA
SetTimer
EndDialog
IsDlgButtonChecked
EnableWindow
SendDlgItemMessageA
SetFocus
CheckDlgButton
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextA
SystemParametersInfoA
GetDesktopWindow
GetIconInfo
GetAsyncKeyState
DrawIconEx
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
InvalidateRgn
IsWindowVisible
ScreenToClient
GetWindowLongW
SetPropA
RemovePropA
CallWindowProcW
GetKeyNameTextW
GetKeyNameTextA
GetMenuItemInfoW
GetMenuItemInfoA
SetMenuItemInfoW
SetMenuItemInfoA
InsertMenuItemW
InsertMenuItemA
InsertMenuW
InsertMenuA
DrawTextW
DrawTextA
MessageBoxW
MessageBoxA
GetWindowThreadProcessId
DefWindowProcW
DefWindowProcA
SetWindowTextW
SetWindowTextA
GetDlgItem
GetClassWord
GetPropA
SendMessageA
GetWindowTextLengthW
GetWindowTextW
GetWindowTextA
EnumChildWindows
ShowWindow
CreateDialogParamA
GetClientRect
GetClassNameA
FindWindowExA
DestroyWindow
GetWindowRect
SetWindowPos
CallWindowProcA
GetWindowLongA
SetWindowLongA
GetSystemMetrics
PostMessageA
GetDlgItemTextA

gdi32

BitBlt
CreateRectRgn
CombineRgn
CreateCompatibleDC
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateRectRgnIndirect

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetUserNameW
LookupPrivilegeValueA
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegOpenKeyA
GetUserNameA
RegCloseKey

shell32

DragQueryFileW
SHGetSpecialFolderPathW
SHGetPathFromIDListA
SHGetPathFromIDListW
SHBrowseForFolderA
SHBrowseForFolderW
ShellExecuteW
SHGetSpecialFolderLocation
DragQueryFileA
SHGetMalloc
ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

imagehlp

MakeSureDirectoryPathExists

ws2_32

connect
recv
send
gethostbyname
select
__WSAFDIsSet
getsockopt
htons
socket
WSAStartup
inet_ntoa
closesocket

netapi32

Netbios

oleaut32

CreateErrorInfo
GetErrorInfo
VariantChangeType
VariantClear
VariantInit
SetErrorInfo
SysFreeString

Sections

.text
Size: 593KB - Virtual size: 593KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2e3faf10402c4ae7f8bd8344ec3d60b1

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36Certificate

Key Usages

20:80:d7:c7:be:f6:2f:4e:f0:49:31:63:36:61:10:c9Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36Certificate

Key Usages

20:80:d7:c7:be:f6:2f:4e:f0:49:31:63:36:61:10:c9Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

74:95:b5:7c:4e:72:22:de:a8:96:32:2f:b2:cc:85:90:56:ec:55:70:57:0a:cc:d8:b6:fd:38:1b:52:c6:0f:7dSigner

16:97:02:3b:08:c1:55:b2:73:f0:ff:04:59:a0:2a:ca:e8:d1:44:38Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

version

imagehlp

ws2_32

netapi32

oleaut32

Sections

.text Size: 593KB - Virtual size: 593KB

.rdata Size: 84KB - Virtual size: 84KB

.data Size: 9KB - Virtual size: 24KB

.rsrc Size: 118KB - Virtual size: 117KB

.reloc Size: 36KB - Virtual size: 40KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

20:80:d7:c7:be:f6:2f:4e:f0:49:31:63:36:61:10:c9
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

20:80:d7:c7:be:f6:2f:4e:f0:49:31:63:36:61:10:c9
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

74:95:b5:7c:4e:72:22:de:a8:96:32:2f:b2:cc:85:90:56:ec:55:70:57:0a:cc:d8:b6:fd:38:1b:52:c6:0f:7d
Signer

16:97:02:3b:08:c1:55:b2:73:f0:ff:04:59:a0:2a:ca:e8:d1:44:38
Signer

.text
Size: 593KB - Virtual size: 593KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 9KB - Virtual size: 24KB

.rsrc
Size: 118KB - Virtual size: 117KB

.reloc
Size: 36KB - Virtual size: 40KB