Managed XDR

g-extract-2021-samples...9cd094f8c963b65180.vir (Cobalt Strike) — malware analysis report

File info

Filename
g-extract-2021-samples-exe32-virussign.com_0e1b2adf34957d9cd094f8c963b65180.vir
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
166 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
f1c6bb95a5f16da50851dc0eedf0c28258b16084
SHA256
fc7b3429dc551bd7e10808d44545e583b2a377b6d2f30fb5feb5c38ca7ee39e0
MD5
0e1b2adf34957d9cd094f8c963b65180

Malwares

  • Cobalt Strike

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Credential Access

T1555.003 cookie_files: Accesses cookie files
T1552 cookie_files: Accesses cookie files

Command and Control

T1071.001 wininet_https: Performs HTTP/HTTPS requests using WinInet

Other

yara_rules: Static rules
shellcode_wininet: Wininet-shellcode behaviour detected
dead_host: Connects to IP addresses that do not respond to requests
no_graphical_activity: No graphic activity
create_rpc_bindings: Creates RPC connection
get_policy_info: Retrieves information about a Policy object

Related reports