2024-05-10_50e724b33b5cca9aafbe70d6a2e3f7a5_cobalt-strike_floxif_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-10_50e724b33b5cca9aafbe70d6a2e3f7a5_cobalt-strike_floxif_icedid
Size

758KB
MD5

50e724b33b5cca9aafbe70d6a2e3f7a5
SHA1

2a942816688a6f34d78a8584f2baee394dce4168
SHA256

e6ca1e25736a89fc6be6215dd75f3e936a5d76f5616dcde79e3a2f5183c1e4fd
SHA512

cb40366384b18d0e662aca45a0bbc2b345fc8f4010ed0a7b5ca527142c561dafd75bc52a5320c5d1b83d54974bc279ec9d145dee4c029a08e019e73d20590dbb
SSDEEP

12288:NGlo/L9QuHJrwxXZsuqU1MapTQL00R1dvitdG09apHCqBjvrEH7VZ:OSQ+UXZxqU1/psY0HxitY1pBrEH7VZ

Score

1^/10

Malware Config

Signatures

Files

2024-05-10_50e724b33b5cca9aafbe70d6a2e3f7a5_cobalt-strike_floxif_icedid
.exe windows:5 windows x86 arch:x86

45206a182e2bb17e320dc3df233736da

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:6c:30:da:6e:cd:32:75:62:86:c1:35:2c:61:60:82
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-03-2021 12:33

Not After

19-03-2022 12:33

Subject

CN=Open Source Developer\, Noriyuki Miyazaki,O=Open Source Developer,ST=Hokkaido,C=JP,1.2.840.113549.1.9.1=#0c196869796f6869796f406372797374616c6d61726b2e696e666f

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19-05-2021 05:42

Not After

18-05-2032 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31-05-2021 06:43

Not After

17-09-2029 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:6c:30:da:6e:cd:32:75:62:86:c1:35:2c:61:60:82
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-03-2021 12:33

Not After

19-03-2022 12:33

Subject

CN=Open Source Developer\, Noriyuki Miyazaki,O=Open Source Developer,ST=Hokkaido,C=JP,1.2.840.113549.1.9.1=#0c196869796f6869796f406372797374616c6d61726b2e696e666f

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19-05-2021 05:42

Not After

18-05-2032 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31-05-2021 06:43

Not After

17-09-2029 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:41:52:b4:79:b9:c6:3a:10:00:7a:f8:55:69:1f:59:3f:3f:b7:70:a0:18:84:4a:47:60:6b:b5:58:a2:66:95
Signer

Actual PE Digest

5f:41:52:b4:79:b9:c6:3a:10:00:7a:f8:55:69:1f:59:3f:3f:b7:70:a0:18:84:4a:47:60:6b:b5:58:a2:66:95

Digest Algorithm

sha256

PE Digest Matches

false

1c:b8:41:92:39:79:1a:85:c9:39:34:06:42:88:5a:68:96:c9:b3:1d
Signer

Actual PE Digest

1c:b8:41:92:39:79:1a:85:c9:39:34:06:42:88:5a:68:96:c9:b3:1d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToSystemTime
GlobalFlags
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FileTimeToLocalFileTime
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
SetErrorMode
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
ReadConsoleW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
GetConsoleMode
GetConsoleOutputCP
LCMapStringW
GetFileType
ExitProcess
GetStdHandle
HeapQueryInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineA
VirtualQuery
GetSystemInfo
RtlUnwind
OutputDebugStringW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
DuplicateHandle
UnlockFile
SetFilePointer
ReadFile
LockFile
GetFullPathNameW
GetFileSize
FlushFileBuffers
ResumeThread
SuspendThread
SetThreadPriority
CreateEventW
SetEvent
lstrcmpA
GetCurrentThread
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
LoadLibraryA
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
FormatMessageW
MulDiv
LocalFree
GlobalFree
LoadLibraryW
GetModuleHandleA
SetLastError
OutputDebugStringA
GetACP
MultiByteToWideChar
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
HeapFree
GetTickCount
GetWindowsDirectoryW
GetCurrentProcess
FindClose
FindNextFileW
FindFirstFileW
lstrcmpW
GetModuleHandleW
GetProcAddress
VirtualProtect
LoadLibraryExW
WideCharToMultiByte
GlobalUnlock
GlobalLock
GlobalAlloc
GetLocalTime
GetDriveTypeW
GetLogicalDriveStringsW
TerminateProcess
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetCommandLineW
RemoveDirectoryW
DeleteFileW
VirtualFree
WriteFile
VirtualAlloc
DeviceIoControl
SetEndOfFile
SetFilePointerEx
CreateFileW
GetVersionExW
GetVolumeInformationW
CreateDirectoryW
GetDiskFreeSpaceExW
GetModuleFileNameW
Sleep
GetExitCodeProcess
WaitForSingleObject
CloseHandle
UnmapViewOfFile
CreateProcessW
MapViewOfFile
CreateFileMappingW
GetCurrentProcessId
GetUserDefaultLCID
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
WriteConsoleW

user32

MapWindowPoints
ScreenToClient
MessageBoxW
AdjustWindowRectEx
RemovePropW
GetPropW
GetScrollPos
RedrawWindow
ValidateRect
EndPaint
BeginPaint
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetKeyState
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
IsDialogMessageW
GetWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetFocus
SetFocus
GetDlgCtrlID
GetSysColor
SetWindowPos
MoveWindow
ShowWindow
UnhookWindowsHookEx
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetMenuItemCount
GetMenuItemID
InvalidateRect
EnableWindow
WaitForInputIdle
PostMessageW
GetParent
OffsetRect
SetRectEmpty
SendDlgItemMessageA
UnregisterClassW
FrameRect
PrintWindow
RemoveMenu
AppendMenuW
SetTimer
KillTimer
MonitorFromWindow
CallNextHookEx
WinHelpW
GetMonitorInfoW
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
ReleaseDC
GetDC
SetPropW
PtInRect
GetClassLongW
GetClassNameW
GetTopWindow
GetLastActivePopup
SetWindowsHookExW
LoadIconW
LoadAcceleratorsW
SendMessageW
SetForegroundWindow
GetComboBoxInfo
SetWindowLongW
GetWindowLongW
SetLayeredWindowAttributes
TranslateAcceleratorW
IsIconic
GetSystemMetrics
GetClientRect
EnableMenuItem
ModifyMenuW
GetSubMenu
CheckMenuRadioItem
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawMenuBar
CopyRect
wsprintfW
SetCursor
LoadCursorW
GetWindowRect
FillRect
SystemParametersInfoW
GetWindowThreadProcessId
PostQuitMessage
GetMessageW
TranslateMessage
GetCursorPos
RealChildWindowFromPoint
GetSysColorBrush
WindowFromPoint
CharUpperW
DestroyMenu
ClientToScreen
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetDesktopWindow

gdi32

CreateSolidBrush
GetTextColor
GetBkColor
CreatePatternBrush
GetPixel
SetBkColor
CreateBitmap
Escape
GetClipBox
GetStockObject
PtVisible
RectVisible
RestoreDC
SaveDC
SetBkMode
SetMapMode
CreateFontIndirectW
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextExtentPoint32W
SetTextColor
LineTo
MoveToEx
CreatePen
GetDeviceCaps
CreateCompatibleBitmap
SetBitmapBits
GetBitmapBits
GetObjectW
SetDIBColorTable
SelectObject
DeleteObject
CreateDIBSection
BitBlt
CreateCompatibleDC
DeleteDC
EnumFontFamiliesExW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegEnumKeyW
RegQueryValueExW
RegCloseKey
RegEnumValueW
RegQueryValueW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
CommandLineToArgvW
ShellExecuteW
ord680

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
PathIsUNCW
PathStripToRootW

uxtheme

SetWindowTheme

ole32

CoTaskMemFree
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitialize
CoInitializeEx

oleaut32

SysAllocString
VariantChangeType
VariantClear
VariantInit
SysFreeString

gdiplus

GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdiplusShutdown
GdipFree
GdipGetImagePaletteSize
GdipSaveImageToFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipGetImageEncoders

winmm

timeGetTime
timeGetDevCaps
timeEndPeriod
timeBeginPeriod

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 419KB - Virtual size: 418KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45206a182e2bb17e320dc3df233736da

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

1f:6c:30:da:6e:cd:32:75:62:86:c1:35:2c:61:60:82Certificate

Extended Key Usages

Key Usages

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

1f:6c:30:da:6e:cd:32:75:62:86:c1:35:2c:61:60:82Certificate

Extended Key Usages

Key Usages

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

5f:41:52:b4:79:b9:c6:3a:10:00:7a:f8:55:69:1f:59:3f:3f:b7:70:a0:18:84:4a:47:60:6b:b5:58:a2:66:95Signer

1c:b8:41:92:39:79:1a:85:c9:39:34:06:42:88:5a:68:96:c9:b3:1dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

gdiplus

winmm

version

oleacc

Sections

.text Size: 419KB - Virtual size: 418KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 127KB - Virtual size: 127KB

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

1f:6c:30:da:6e:cd:32:75:62:86:c1:35:2c:61:60:82
Certificate

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

1f:6c:30:da:6e:cd:32:75:62:86:c1:35:2c:61:60:82
Certificate

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

5f:41:52:b4:79:b9:c6:3a:10:00:7a:f8:55:69:1f:59:3f:3f:b7:70:a0:18:84:4a:47:60:6b:b5:58:a2:66:95
Signer

1c:b8:41:92:39:79:1a:85:c9:39:34:06:42:88:5a:68:96:c9:b3:1d
Signer

.text
Size: 419KB - Virtual size: 418KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 127KB - Virtual size: 127KB