333.bin

First submission 2024-10-15 07:40:04

File details

File type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Mime type:	application/x-dosexec
File size:	289.0 KB (295936 bytes)
Compile time:	2023-02-16 11:29:01
MD5:	98961233cbdc119f8e7bf379db993c23
SHA1:	b8433d4df316743f7e8218bc4c7eef94729aa6a8
SHA256:	4c1d9bb4fd3730c95c0f207d1b7b4640a3e8ea7d900ac6cdff29354e22e800a7
Import Hash :	b192057eaddd931da1244c6c3e0e1f6e
Sections 5	.text .rdata .data .pdata .reloc
Directories 3	import export relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	56/76 VT report date: 2023-09-21 03:33:46
Malware Type 2	trojan pua
Threat Type 3	cobaltstrike beacon cometer

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://152.136.47.4:8082/333.bin	152.136.47.4	2024-10-15 07:40:04

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x2e0d2	188928	5f4896b617bc438022b3b49dffe7deb474ddd7ce	720b9825bbf834ff09d8fe2cf7da47f2
.rdata	0x30000	0xfb32	64512	979c2034623c33af7432c16f0bc7fa0de7b646bf	21ccb0629cf403eb2a66390f9a9738cc
.data	0x40000	0x11c48	28160	912d1fd9c48a66424089d9dc4fd265ce684ec26d	4182e667ee202d3e7a52a0dfb117a300
.pdata	0x52000	0x22e0	9216	d650e4d44311954a2ca9175afdfb8f3fdcbc5fc7	2020a20641ac1067e1045d590b2903dc
.reloc	0x55000	0xfb8	4096	b8bf0ed0e162ac9f7e053a3a666544ae92f145f7	f2b2fcf238e343d6e514fd8fb24724ac

Anti debug functions 9

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
OutputDebugStringW
Process32First
Process32Next
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
bin\amd64\MSPDB110.DLL
mscoree.dll
ADVAPI32.dll
USER32.dll
KERNEL32.dll
WININET.dll
WS2_32.dll
beacon.x64.dll
ntdll.dll
beacon.dll

Strings analysis - Possible IPs found 1

127.0.0.1

Strings analysis - Possible URLs found 1

http://127.0.0.1:%u/

Import functions

ADVAPI32.dll 21 KERNEL32.dll 144 WS2_32.dll 25 WININET.dll 12

Function	Address	Souspicious	Anti Debug
GetTokenInformation	0x180030000
OpenProcessToken	0x180030008
CryptReleaseContext	0x180030010
CryptAcquireContextA	0x180030018
CryptGenRandom	0x180030020
CheckTokenMembership	0x180030028
DuplicateTokenEx	0x180030030
LogonUserA	0x180030038
LookupAccountSidA	0x180030040
FreeSid	0x180030048
AllocateAndInitializeSid	0x180030050
ImpersonateNamedPipeClient	0x180030058
RevertToSelf	0x180030060
GetUserNameA	0x180030068
CreateProcessWithTokenW	0x180030070
CreateProcessWithLogonW	0x180030078
CreateProcessAsUserA	0x180030080
ImpersonateLoggedOnUser	0x180030088
LookupPrivilegeValueA	0x180030090
AdjustTokenPrivileges	0x180030098
OpenThreadToken	0x1800300a0

Function	Address	Souspicious	Anti Debug
CreateNamedPipeA	0x1800300b0
TerminateProcess	0x1800300b8
ReadProcessMemory	0x1800300c0
WriteProcessMemory	0x1800300c8
CreateProcessA	0x1800300d0
GetCurrentDirectoryW	0x1800300d8
GetFullPathNameA	0x1800300e0
GetLogicalDrives	0x1800300e8
FindClose	0x1800300f0
SystemTimeToTzSpecificLocalTime	0x1800300f8
FileTimeToSystemTime	0x180030100
ExpandEnvironmentStringsA	0x180030108
GetFileAttributesA	0x180030110
FindFirstFileA	0x180030118
FindNextFileA	0x180030120
CopyFileA	0x180030128
MoveFileA	0x180030130
GetCurrentProcessId	0x180030138
CreateThread	0x180030140
CreateToolhelp32Snapshot	0x180030148
Thread32First	0x180030150
Thread32Next	0x180030158
Wow64GetThreadContext	0x180030160
Wow64SetThreadContext	0x180030168
VirtualAlloc	0x180030170
VirtualProtect	0x180030178
SetLastError	0x180030180
SetNamedPipeHandleState	0x180030188
PeekNamedPipe	0x180030190
CreateFileA	0x180030198
WaitNamedPipeA	0x1800301a0
GetModuleFileNameA	0x1800301a8
GetComputerNameA	0x1800301b0
GetVersionExA	0x1800301b8
GetACP	0x1800301c0
GetOEMCP	0x1800301c8
GetProcessHeap	0x1800301d0
InitializeProcThreadAttributeList	0x1800301d8
DeleteProcThreadAttributeList	0x1800301e0
SetErrorMode	0x1800301e8
UpdateProcThreadAttribute	0x1800301f0
DuplicateHandle	0x1800301f8
ProcessIdToSessionId	0x180030200
Process32First	0x180030208
Process32Next	0x180030210
GetComputerNameExA	0x180030218
VirtualFree	0x180030220
VirtualQuery	0x180030228
VirtualAllocEx	0x180030230
ConnectNamedPipe	0x180030238
OpenProcess	0x180030240
CreateRemoteThread	0x180030248
OpenThread	0x180030250
GetThreadContext	0x180030258
SetThreadContext	0x180030260
ResumeThread	0x180030268
CloseHandle	0x180030270
MapViewOfFile	0x180030278
UnmapViewOfFile	0x180030280
CreateFileMappingA	0x180030288
ExitProcess	0x180030290
ExitThread	0x180030298
ReadFile	0x1800302a0
GetCurrentThread	0x1800302a8
GetCurrentProcess	0x1800302b0
MultiByteToWideChar	0x1800302b8
GetCurrentDirectoryA	0x1800302c0
SetCurrentDirectoryA	0x1800302c8
GetStartupInfoA	0x1800302d0
DisconnectNamedPipe	0x1800302d8
CreatePipe	0x1800302e0
GetTickCount	0x1800302e8
GetLocalTime	0x1800302f0
FlushFileBuffers	0x1800302f8
WriteFile	0x180030300
WaitForSingleObject	0x180030308
Sleep	0x180030310
GetModuleHandleA	0x180030318
LoadLibraryA	0x180030320
GetLastError	0x180030328
HeapFree	0x180030330
RaiseException	0x180030338
SetEnvironmentVariableW	0x180030340
SetEnvironmentVariableA	0x180030348
HeapAlloc	0x180030350
HeapDestroy	0x180030358
HeapCreate	0x180030360
SetEndOfFile	0x180030368
CreateFileW	0x180030370
WriteConsoleW	0x180030378
SetStdHandle	0x180030380
GetStringTypeW	0x180030388
LCMapStringW	0x180030390
CompareStringW	0x180030398
HeapSize	0x1800303a0
LoadLibraryW	0x1800303a8
OutputDebugStringW	0x1800303b0
FreeEnvironmentStringsW	0x1800303b8
GetEnvironmentStringsW	0x1800303c0
QueryPerformanceCounter	0x1800303c8
RemoveDirectoryW	0x1800303d0
CreateDirectoryW	0x1800303d8
DeleteFileW	0x1800303e0
GetFileType	0x1800303e8
SetFilePointerEx	0x1800303f0
SetFilePointer	0x1800303f8
ReadConsoleW	0x180030400
GetConsoleMode	0x180030408
GetConsoleCP	0x180030410
WideCharToMultiByte	0x180030418
GetCPInfo	0x180030420
IsValidCodePage	0x180030428
RtlUnwindEx	0x180030430
GetProcAddress	0x180030438
VirtualProtectEx	0x180030440
FreeLibrary	0x180030448
EncodePointer	0x180030450
DecodePointer	0x180030458
GetModuleHandleExW	0x180030460
AreFileApisANSI	0x180030468
GetSystemTimeAsFileTime	0x180030470
HeapReAlloc	0x180030478
GetCommandLineA	0x180030480
GetCurrentThreadId	0x180030488
GetStdHandle	0x180030490
GetModuleFileNameW	0x180030498
IsDebuggerPresent	0x1800304a0
IsProcessorFeaturePresent	0x1800304a8
EnterCriticalSection	0x1800304b0
LeaveCriticalSection	0x1800304b8
InitializeCriticalSectionAndSpinCount	0x1800304c0
DeleteCriticalSection	0x1800304c8
RtlCaptureContext	0x1800304d0
RtlLookupFunctionEntry	0x1800304d8
RtlVirtualUnwind	0x1800304e0
UnhandledExceptionFilter	0x1800304e8
SetUnhandledExceptionFilter	0x1800304f0
TlsAlloc	0x1800304f8
TlsGetValue	0x180030500
TlsSetValue	0x180030508
TlsFree	0x180030510
GetStartupInfoW	0x180030518
GetModuleHandleW	0x180030520
LoadLibraryExW	0x180030528

Function	Address	Souspicious	Anti Debug
ntohs	0x1800305a0
gethostbyname	0x1800305a8
socket	0x1800305b0
send	0x1800305b8
connect	0x1800305c0
ioctlsocket	0x1800305c8
WSAIoctl	0x1800305d0
WSACleanup	0x1800305d8
WSAStartup	0x1800305e0
closesocket	0x1800305e8
ntohl	0x1800305f0
htons	0x1800305f8
htonl	0x180030600
recv	0x180030608
shutdown	0x180030610
WSAGetLastError	0x180030618
__WSAFDIsSet	0x180030620
accept	0x180030628
bind	0x180030630
inet_addr	0x180030638
listen	0x180030640
recvfrom	0x180030648
select	0x180030650
sendto	0x180030658
WSASocketA	0x180030660

Function	Address	Souspicious	Anti Debug
InternetReadFile	0x180030538
InternetCloseHandle	0x180030540
InternetConnectA	0x180030548
InternetQueryDataAvailable	0x180030550
InternetQueryOptionA	0x180030558
InternetSetOptionA	0x180030560
InternetSetStatusCallback	0x180030568
HttpOpenRequestA	0x180030570
HttpAddRequestHeadersA	0x180030578
HttpSendRequestA	0x180030580
HttpQueryInfoA	0x180030588
InternetOpenA	0x180030590

PE Exports 1 suspicious

Function	Address
ReflectiveLoader	0x180017aa4