2024-11-21_58927a69657702c9ba253080a8055979_bitrat_cobalt-strike_venus-locker

Sharing

Copy URL

Twitter E-mail

General

Target

2024-11-21_58927a69657702c9ba253080a8055979_bitrat_cobalt-strike_venus-locker
Size

513KB
MD5

58927a69657702c9ba253080a8055979
SHA1

beacef5ddb4a5f27d104b1ef41958bd4d5753375
SHA256

40786a54e15726f80eb14b1433834a0a34e7b220ea2f6790b1dcc20827083b80
SHA512

7e8fd932d2f8b710f3c7202e45dd826d0319963dda1cb3091a70a11db0ae7fade9f1f1e27ce9c5621badc54054fde175603de14533efc63bbec94c3d55359aed
SSDEEP

6144:0dKyZEYF+JAm3tdLVOE7O9l+ZMz9LB5V0QE6BkLrHlPIyZRAO4V50DEroE0Rjp13:0diYF+JAm3tdLVOigz9dXtVmLr71DL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-11-21_58927a69657702c9ba253080a8055979_bitrat_cobalt-strike_venus-locker

Files

2024-11-21_58927a69657702c9ba253080a8055979_bitrat_cobalt-strike_venus-locker
.exe windows:6 windows x86 arch:x86

e162d21b33035356f1d16365ff6bb80e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\artem\source\repos\TestNtfsSearch2\Release\Stub.pdb

Imports

iphlpapi

GetIpNetTable

ntdll

RtlInitUnicodeString
RtlUnwind

kernel32

LockResource
lstrlenW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetLastError
GetLogicalDrives
ExitProcess
SetErrorMode
GetConsoleWindow
WaitForMultipleObjects
IsWow64Process
Wow64DisableWow64FsRedirection
CreateProcessA
GetWindowsDirectoryA
lstrcatA
CreateFileA
lstrlenA
OpenMutexA
CreateMutexA
GetSystemInfo
GetVolumeInformationW
VirtualAlloc
UnmapViewOfFile
FlushViewOfFile
GetDriveTypeW
GetWindowsDirectoryW
GetSystemTime
LocalAlloc
LocalFree
GetCurrentThreadId
GetVolumePathNameW
GlobalLock
GlobalUnlock
MulDiv
HeapSize
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
SizeofResource
GetConsoleOutputCP
FlushFileBuffers
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCommandLineW
GetCommandLineA
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
FreeLibraryAndExitThread
LoadLibraryExW
FindResourceW
WriteFile
GetLocalTime
CreateFileW
DeleteCriticalSection
InitializeCriticalSection
DeleteTimerQueue
CancelIo
CreateTimerQueueTimer
GetQueuedCompletionStatus
CreateTimerQueue
PostQueuedCompletionStatus
CreateIoCompletionPort
GlobalFree
GlobalAlloc
ResumeThread
lstrcpyW
GetDiskFreeSpaceW
ExitThread
Sleep
LeaveCriticalSection
EnterCriticalSection
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcmpW
GetCurrentProcess
OpenProcess
HeapReAlloc
CloseHandle
WaitForSingleObject
CreateThread
HeapFree
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RaiseException
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
CreateEventW
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
WriteConsoleW
LoadResource
GetConsoleMode
FormatMessageA
WaitForSingleObjectEx
GetExitCodeThread
GetLocaleInfoEx
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
QueryPerformanceCounter
EncodePointer
DecodePointer
InitializeCriticalSectionEx
LCMapStringEx

user32

SystemParametersInfoW
GetShellWindow
GetWindowThreadProcessId
GetWindowTextLengthW
ReleaseDC
GetDC
wsprintfA
DrawTextA
EndDialog
CreateWindowExW
SetWindowPos
OpenClipboard
SendMessageW
ShowWindow
wsprintfW
GetClientRect
SetClipboardData
DispatchMessageW
TranslateMessage
GetMessageW
SetTimer
RegisterHotKey
MessageBoxW
GetWindowRect
GetSystemMetrics
RegisterClassExW
LoadCursorW
DefWindowProcW
PostQuitMessage
CloseClipboard
EmptyClipboard

gdi32

CreateCompatibleDC
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
BitBlt
CreateDIBSection
SetBkColor
SetBkMode
SetTextColor
CreateCompatibleBitmap
GetTextExtentPoint32A
SelectObject
CreateFontW

advapi32

AllocateAndInitializeSid
RevertToSelf
SetEntriesInAclW
OpenProcessToken
GetTokenInformation
DuplicateTokenEx
RegOpenKeyExW
SystemFunction036
SetNamedSecurityInfoW
GetNamedSecurityInfoW
AdjustTokenPrivileges
LookupPrivilegeValueW
DuplicateToken
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegSetValueExW
SetThreadToken

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExA
SHEmptyRecycleBinA

ole32

CoSetProxyBlanket
CoCreateInstance

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

ws2_32

bind
WSACleanup
WSAStartup
gethostname
gethostbyname
WSASocketW
WSAIoctl
closesocket
inet_ntoa
WSAGetLastError
WSAAddressToStringW
shutdown
htons
setsockopt
getsockopt

netapi32

NetShareEnum
NetApiBufferFree

shlwapi

StrStrIA

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

crypt32

CryptBinaryToStringA
CryptStringToBinaryA

comctl32

ord17
InitCommonControlsEx

Sections

.text
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e162d21b33035356f1d16365ff6bb80e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

ntdll

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

netapi32

shlwapi

mpr

crypt32

comctl32

Sections

.text Size: 290KB - Virtual size: 290KB

.rdata Size: 198KB - Virtual size: 197KB

.data Size: 7KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 290KB - Virtual size: 290KB

.rdata
Size: 198KB - Virtual size: 197KB

.data
Size: 7KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 12KB