cobaltstrike | Dumped_Beacon_DLL_powershell_ise_exe_PIDd7c_hiddenmodule_4480000_x86[.]zip | Triage

Sharing

General

Target

Dumped_Beacon_DLL_powershell_ise_exe_PIDd7c_hiddenmodule_4480000_x86.zip
Size

109KB
MD5

15e680539937b3cdfb2140b7c176c754
SHA1

7c2de72357f4b0a2dafbb8f1f0c9735b26755291
SHA256

d702d8b0a40a03bd11d5a645d2da52228e9275e68531c390b65a77709a8e3e86
SHA512

1d51ce25a5f1890cbade191ed7d54b33e3d7c7c2978b74a414f483c39104096b28d6bbb3d7f72bfba08f2a69ff5c5a34ab40f0714177034c2cf24e54308c42b0

Score

10^/10

cobaltstrike

Malware Config

Signatures

Cobalt Strike reflective loader 1 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
static1/unpack001/Dumped_Beacon_DLL_powershell_ise_exe_PIDd7c_hiddenmodule_4480000_x86.dll	cobalt_reflective_dll

Cobaltstrike family
cobaltstrike

Files

Dumped_Beacon_DLL_powershell_ise_exe_PIDd7c_hiddenmodule_4480000_x86.zip
.zip

Password: infected
Dumped_Beacon_DLL_powershell_ise_exe_PIDd7c_hiddenmodule_4480000_x86.dll
.dll windows x86

Exports

Exports

_ReflectiveLoader@4