2024-09-27_d8fad75283f7bcde0243546121bafda1_cobalt-strike_magniber_sliver

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-27_d8fad75283f7bcde0243546121bafda1_cobalt-strike_magniber_sliver
Size

9.1MB
MD5

d8fad75283f7bcde0243546121bafda1
SHA1

0eef00b5272b7cadae6a9398208b8a1e1115b30e
SHA256

44e81c5af350e023f9454002a3f33634275142c1b4bb992361a3ac4d982bfa0a
SHA512

5273e63021a4929a4449e74fbc0adb8e2c8e1cefc2c5b4f7ce33da50a283e5e9e8df15cd6df612a78b4180836de09a0c7558462fc380853afdb28c059f73b6d8
SSDEEP

98304:AQDws8wjVIK8hJKt/VNdN1YeT007kxa+PZCN3RIYBD527BWG:VL80IKsJKttNDK9076LZCN3R9BVQBWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-27_d8fad75283f7bcde0243546121bafda1_cobalt-strike_magniber_sliver

Files

2024-09-27_d8fad75283f7bcde0243546121bafda1_cobalt-strike_magniber_sliver
.exe windows:6 windows x64 arch:x64

27769715aa512d0ad6f0a265afab2c9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Jenkins\workspace\MBAM-Windows\N_MB5_InstallerService\bin\x64\Release\MBAMIService.pdb

Imports

kernel32

CreateFileW
Sleep
CreateDirectoryW
LocalFree
GetTempPathW
MoveFileExW
OpenProcess
TerminateProcess
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
SwitchToThread
GetExitCodeProcess
ReadFile
PeekNamedPipe
ResumeThread
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetProcessTimes
CreateProcessW
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GetCurrentProcessId
CreateNamedPipeW
GetTickCount64
SetEndOfFile
SetFilePointer
GetWindowsDirectoryW
GetEnvironmentVariableW
RemoveDirectoryW
DeleteFileW
GetModuleHandleW
GetModuleFileNameW
FormatMessageW
LocalAlloc
HeapAlloc
GetProcessHeap
HeapFree
CallNamedPipeW
GetNamedPipeServerProcessId
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
CreateEventW
SetEvent
CreateThread
DeviceIoControl
MultiByteToWideChar
FindFirstFileW
FindNextFileW
FindClose
FindFirstFileExW
CreateHardLinkW
WriteFile
WaitForMultipleObjects
OpenEventW
DebugBreak
CreateRemoteThread
VerifyVersionInfoW
VerSetConditionMask
GetLongPathNameW
WideCharToMultiByte
CopyFileW
GetVersionExW
GetSystemInfo
IsWow64Process
GetNativeSystemInfo
SetLastError
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
GetLogicalDriveStringsW
QueryDosDeviceW
GetCurrentThread
VirtualQueryEx
FindResourceW
SizeofResource
LoadResource
LockResource
DeleteCriticalSection
GetFileInformationByHandle
GetFileInformationByHandleEx
FlushFileBuffers
GetTickCount
GlobalAlloc
GlobalFree
GetFileSize
GetFileSizeEx
DuplicateHandle
OpenThread
SetThreadPriority
GetCurrentThreadId
SetFileInformationByHandle
SetSearchPathMode
ExpandEnvironmentStringsW
GetFileAttributesExW
SetFileAttributesW
GetFileAttributesW
GetLocalTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
lstrcmpA
SetFileTime
GetStdHandle
GetModuleHandleA
GetDriveTypeW
GetSystemWindowsDirectoryW
OutputDebugStringW
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentDirectoryW
GetVersionExA
GetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeCriticalSection
InitOnceExecuteOnce
SetFileCompletionNotificationModes
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
ResetEvent
ReleaseMutex
CreateMutexW
GetStartupInfoW
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetEnvironmentVariableW
SystemTimeToFileTime
SwitchToFiber
DeleteFiber
CreateFiber
GetFileType
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
CreateFileA
FindResourceExW
DecodePointer
InitializeCriticalSectionEx
CloseHandle
GetLastError
GetCurrentProcess
RaiseException
VirtualProtect
VirtualQuery
LoadLibraryExA
FormatMessageA
GetStringTypeW
GetFullPathNameW
AreFileApisANSI
GetLocaleInfoEx
EncodePointer
LCMapStringEx
WakeAllConditionVariable
SleepConditionVariableSRW
CompareStringEx
GetCPInfo
IsDebuggerPresent
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
RtlUnwindEx
InterlockedPushEntrySList
RtlPcToFileHeader
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
SetConsoleCtrlHandler
GetCommandLineA
GetCommandLineW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleOutputCP
SetFilePointerEx
HeapReAlloc
SetStdHandle
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
RtlUnwind

authz

AuthzFreeContext
AuthzAccessCheck
AuthzInitializeContextFromSid
AuthzInitializeResourceManager
AuthzFreeResourceManager

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 604KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

27769715aa512d0ad6f0a265afab2c9f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

authz

Sections

.text Size: 4.2MB - Virtual size: 4.2MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 103KB - Virtual size: 141KB

.pdata Size: 163KB - Virtual size: 162KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 2.7MB - Virtual size: 2.7MB

.reloc Size: 604KB - Virtual size: 608KB

.text
Size: 4.2MB - Virtual size: 4.2MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 103KB - Virtual size: 141KB

.pdata
Size: 163KB - Virtual size: 162KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

.reloc
Size: 604KB - Virtual size: 608KB