ScreenShot
| Created | 2024.09.27 13:39 | Machine | s1_win7_x6401 |
| Filename | beacon.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 50 detected (AIDetectMalware, Goshell, tsCV, Malicious, score, Unsafe, V1a7, confidence, Attribute, HighConfidence, high confidence, a variant of WinGo, ShellcodeRunner, romti, R03BC0WHD24, Static AI, Suspicious PE, Detected, Wacatac, ABTrojan, WXXM, Artemis, WinGo, Rozena, Chgt, Rimw, CobaltStrike, susgen) | ||
| md5 | 698977a5b343ea381c62f76b91fd54d5 | ||
| sha256 | d15e35dcb836d038d70b217709261b6a29c1d871c16304368b18ece21b989878 | ||
| ssdeep | 98304:tNF2FJzAANYqEeuDdoVcd9eCjsqok/YOvclynAnib2I:tqrzAAoelidsesEvTnAQn | ||
| imphash | c2d457ad8ac36fc9f18d45bffcd450c2 | ||
| impfuzzy | 24:ibVjh9wOuuTkkboVaXOr6kwmDgUPMztxdEr6tl:AwOuUjXOmokx0ol | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x87b160 WriteFile
0x87b168 WriteConsoleW
0x87b170 WerSetFlags
0x87b178 WerGetFlags
0x87b180 WaitForMultipleObjects
0x87b188 WaitForSingleObject
0x87b190 VirtualQuery
0x87b198 VirtualFree
0x87b1a0 VirtualAlloc
0x87b1a8 TlsAlloc
0x87b1b0 SwitchToThread
0x87b1b8 SuspendThread
0x87b1c0 SetWaitableTimer
0x87b1c8 SetProcessPriorityBoost
0x87b1d0 SetEvent
0x87b1d8 SetErrorMode
0x87b1e0 SetConsoleCtrlHandler
0x87b1e8 RtlVirtualUnwind
0x87b1f0 RtlLookupFunctionEntry
0x87b1f8 ResumeThread
0x87b200 RaiseFailFastException
0x87b208 PostQueuedCompletionStatus
0x87b210 LoadLibraryW
0x87b218 LoadLibraryExW
0x87b220 SetThreadContext
0x87b228 GetThreadContext
0x87b230 GetSystemInfo
0x87b238 GetSystemDirectoryA
0x87b240 GetStdHandle
0x87b248 GetQueuedCompletionStatusEx
0x87b250 GetProcessAffinityMask
0x87b258 GetProcAddress
0x87b260 GetErrorMode
0x87b268 GetEnvironmentStringsW
0x87b270 GetCurrentThreadId
0x87b278 GetConsoleMode
0x87b280 FreeEnvironmentStringsW
0x87b288 ExitProcess
0x87b290 DuplicateHandle
0x87b298 CreateWaitableTimerExW
0x87b2a0 CreateThread
0x87b2a8 CreateIoCompletionPort
0x87b2b0 CreateFileA
0x87b2b8 CreateEventA
0x87b2c0 CloseHandle
0x87b2c8 AddVectoredExceptionHandler
0x87b2d0 AddVectoredContinueHandler
EAT(Export Address Table) is none
kernel32.dll
0x87b160 WriteFile
0x87b168 WriteConsoleW
0x87b170 WerSetFlags
0x87b178 WerGetFlags
0x87b180 WaitForMultipleObjects
0x87b188 WaitForSingleObject
0x87b190 VirtualQuery
0x87b198 VirtualFree
0x87b1a0 VirtualAlloc
0x87b1a8 TlsAlloc
0x87b1b0 SwitchToThread
0x87b1b8 SuspendThread
0x87b1c0 SetWaitableTimer
0x87b1c8 SetProcessPriorityBoost
0x87b1d0 SetEvent
0x87b1d8 SetErrorMode
0x87b1e0 SetConsoleCtrlHandler
0x87b1e8 RtlVirtualUnwind
0x87b1f0 RtlLookupFunctionEntry
0x87b1f8 ResumeThread
0x87b200 RaiseFailFastException
0x87b208 PostQueuedCompletionStatus
0x87b210 LoadLibraryW
0x87b218 LoadLibraryExW
0x87b220 SetThreadContext
0x87b228 GetThreadContext
0x87b230 GetSystemInfo
0x87b238 GetSystemDirectoryA
0x87b240 GetStdHandle
0x87b248 GetQueuedCompletionStatusEx
0x87b250 GetProcessAffinityMask
0x87b258 GetProcAddress
0x87b260 GetErrorMode
0x87b268 GetEnvironmentStringsW
0x87b270 GetCurrentThreadId
0x87b278 GetConsoleMode
0x87b280 FreeEnvironmentStringsW
0x87b288 ExitProcess
0x87b290 DuplicateHandle
0x87b298 CreateWaitableTimerExW
0x87b2a0 CreateThread
0x87b2a8 CreateIoCompletionPort
0x87b2b0 CreateFileA
0x87b2b8 CreateEventA
0x87b2c0 CloseHandle
0x87b2c8 AddVectoredExceptionHandler
0x87b2d0 AddVectoredContinueHandler
EAT(Export Address Table) is none