2024-06-25_04e11059dd9e1b63b19654c48b9f4e41_cobalt-strike_lockergoga

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-25_04e11059dd9e1b63b19654c48b9f4e41_cobalt-strike_lockergoga
Size

578KB
MD5

04e11059dd9e1b63b19654c48b9f4e41
SHA1

efeaff7a810f76e912294eda20b7543e299af9ad
SHA256

b8f1007904431b87eb42f1531928be2fa35e08a0737734686ea81ec856efc76e
SHA512

ecc5331e7f4c88e6de293a33832858dae812d5bc3538670a2863f449a0b14b8f7efbfdfc15bcf9f118bdad10ca1f3e73aa2cebbe969d86ae0c9a8b67832babc7
SSDEEP

12288:sVf/6yrJ9Iihyzexws228/6BWNe81NaDUkpoCUyu:Wf/6yr7hQexD228/0UkpNRu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-25_04e11059dd9e1b63b19654c48b9f4e41_cobalt-strike_lockergoga

Files

2024-06-25_04e11059dd9e1b63b19654c48b9f4e41_cobalt-strike_lockergoga
.exe windows:6 windows x86 arch:x86

1c78f93f95796b269910f6eba481c943

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\BuildAgent\work\Setup_BGFX_1_6\_result\x86_Release\dbginfo\msilogengine.pdb

Imports

kernel32

ReadFile
SetLastError
GetCurrentProcessId
ProcessIdToSessionId
FreeLibrary
GetModuleHandleW
GetProcAddress
LocalFree
FormatMessageW
GetTimeZoneInformation
MultiByteToWideChar
WideCharToMultiByte
ResetEvent
WaitForSingleObjectEx
CreateEventW
WaitForMultipleObjects
HeapAlloc
HeapFree
GetProcessHeap
LocalAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThreadId
CopyFileA
WriteConsoleW
DeleteFileW
CreateFileW
CreateFileA
GetLocalTime
GetCommandLineW
CreateEventA
SetEvent
CloseHandle
CopyFileW
GetExitCodeProcess
GetLastError
GetCommandLineA
FindNextFileA
FindFirstFileExA
ReadConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSize
OpenProcess
CreateDirectoryW
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
FormatMessageA
FindClose
GetFileAttributesExW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
RaiseException
RtlUnwind
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
WriteFile
GetACP
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
HeapReAlloc
IsValidCodePage
GetOEMCP

user32

RegisterWindowMessageA

advapi32

GetAclInformation
AddAccessAllowedAceEx
SetSecurityDescriptorDacl
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
FreeSid
CreateWellKnownSid
AllocateAndInitializeSid
AddAccessDeniedAceEx

shell32

SHGetFolderPathW

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize

Sections

.text
Size: 420KB - Virtual size: 419KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c78f93f95796b269910f6eba481c943

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 420KB - Virtual size: 419KB

.rdata Size: 113KB - Virtual size: 112KB

.data Size: 15KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 25KB - Virtual size: 24KB

.text
Size: 420KB - Virtual size: 419KB

.rdata
Size: 113KB - Virtual size: 112KB

.data
Size: 15KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 25KB - Virtual size: 24KB