cobaltstrike | 0dbf53264f94a98710a6c3b60b3079db318c7df92396a76efe50e1790644e708

Sharing

Copy URL

Twitter E-mail

General

Target

0dbf53264f94a98710a6c3b60b3079db318c7df92396a76efe50e1790644e708
Size

198KB
MD5

0680fe53376730d44f9878e0ebeef36d
SHA1

a327a919d0234adfdccc84c407b030d46223cd22
SHA256

0dbf53264f94a98710a6c3b60b3079db318c7df92396a76efe50e1790644e708
SHA512

47269daea0d7acc0fad0b876d852c5e635ed8771d75bd0410458ef329e5e2f3231cd2b21bb98de26ba1ee1c8afb7d33303df8b774a0f8b17dca53af052197e75
SSDEEP

3072:GeEqL5PyWuniHYDkcSIEa5NcT1B2S66CIPzPF5jwUtMV:NyWudocSFyNcT15PzPDj

Score

10^/10

1 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

Attributes

beacon_type
512
http_header1
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
pipe_name
\\.\pipe\msagent_efe7
polling_time
10000
port_number
4444
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVooVUolYxNUGPzpHLBl9YHmdkM2TCjD8HuHyLOxTo2D3AvxCxmohzjqAV5cNdk/CYE/gJevEmYf0FzJzoW3unlrjIsTNOnpvcirkDrny+l/0+qkAmGBBA3oR6r6uht/JgKr0b3J6lJXhGtx/t5qnMS7d7qxj9hRqFO10+wnjfqQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
watermark
1

Signatures

Cobaltstrike family
cobaltstrike

Files

0dbf53264f94a98710a6c3b60b3079db318c7df92396a76efe50e1790644e708
.dll windows x86

c9149ff1e4435082839e0b90175332bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

��ઢ��

��Z��
��
��
��Ν��H��Ρ��
��H��Ρ��
��Ρ��
��
��
��
��
��
��
��
��η��Ϊ��Σ
��Ϊ��Σ
��Σ
��
��
��W��0��1��
��0��1��
��1��
��
��
��
��
��'��j��
��j��
��
��
��
��u��
��
��
��
��.��Z��
��΅��ઢ��
��΅��ઢ��
��.��Z��
��.��Z��
��
��
��
��
��
��
��
��
��
��
��
��
��Δ
��
��
��
��
��
��ά��
��Ω��ά��
��
��
��
��
��Ψ��
��
��
��
��3��
��΍��3��
��
��f��
��
��
��
��Z��
��d��f��
��x
��
��
��
��
��
��
��
��
��
��
��
��
��Ι��
��
��
��Φ��
��Φ��
��[��Φ��
��O��[��Φ��
��
��
��
��A��
��
��V
��
��
��K��
��ο��K��
��
��
��l
��
��
��
��>��
��
��Ο��
��Ο��
��
��ξ
��
��
��
��;��
��
��
��2��
��
��3��
��
��
��
��Β��z��΃��
��z��΃��
��΃��
��
��
��
��
��
��S
��
��
��
��|
��ά
��
��
��
��
��M
��
��
��
��
��Ί��
��T��Ί��
��*��T��Ί��
��G��*��T��Ί��
��
��X��
��
��^��
��
��w
��
��
��
��n��
��m��n��
��ΐ��m��n��
��
��
��
��"��
��
��

��ઢ��

ord2
ord23
ord3
ord57
ord9
ord115
ord116
ord52
ord14
ord8
ord19
ord4
ord1
ord16
ord15
ord22
ord111
ord10
ord151
ord12
ord18
ord13

��

��
��

��ઢ��

��
��&
��

Exports

Exports

_ReflectiveLoader@4

Sections

ຫ��
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

༪��
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ય��
Size: 9KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

༫��
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

c9149ff1e4435082839e0b90175332bd

Headers

DLL Characteristics

File Characteristics

Imports

��������ઢ��

������ઢ��

�������������

�������ઢ��������������������

Exports

Exports

Sections

ຫ��� Size: 141KB - Virtual size: 140KB

༪���� Size: 39KB - Virtual size: 39KB

ય��� Size: 9KB - Virtual size: 63KB

༫���� Size: 7KB - Virtual size: 7KB

��ઢ��

��ઢ��

��

��ઢ��

ຫ��
Size: 141KB - Virtual size: 140KB

༪��
Size: 39KB - Virtual size: 39KB

ય��
Size: 9KB - Virtual size: 63KB

༫��
Size: 7KB - Virtual size: 7KB