cobaltstrike | a[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a.exe
Size

31KB
MD5

b2d52ccc70d764b038a1d366c4a4b883
SHA1

349fd942c0817bce9257509aea80638430c067e6
SHA256

745968060bf2f130d199426af9f6819936aaaf32c1dfa58b5cc5fa00e49354cf
SHA512

32e6777cb9a90f07130930db86537b450f80dea55aa95874cd3cb33f78cfa4786098bf2ed15116ac28a88d47d29b55f32f112e4956546ea40a67ddb90b2a9bdb
SSDEEP

384:XY+VL2Yr7SfZWBM4031XjjVLKRRqNyZFrA9Py2BKicb:o+zBM403JxCZlA9RB3q

Score

10^/10

cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

http://192.168.1.12:80/Wy7V

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENGB)

Signatures

Cobaltstrike family
cobaltstrike

Files

a.exe
.exe windows x86

2823b382064974afd4b0380f79f59d95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
GetStartupInfoA
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualAlloc
VirtualProtect
VirtualQuery

msvcrt

__getmainargs
__initenv
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_initterm
_iob
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eh_fram
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 175B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/33
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/58
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 630B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/86
Size: 512B - Virtual size: 194B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

2823b382064974afd4b0380f79f59d95

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 3KB

.buildid Size: 512B - Virtual size: 53B

.data Size: 512B - Virtual size: 200B

.eh_fram Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 1024B - Virtual size: 580B

/4 Size: 512B - Virtual size: 175B

/18 Size: 512B - Virtual size: 56B

/33 Size: 512B - Virtual size: 56B

/46 Size: 4KB - Virtual size: 3KB

/58 Size: 512B - Virtual size: 160B

/70 Size: 1024B - Virtual size: 630B

/86 Size: 512B - Virtual size: 194B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 3KB

.buildid
Size: 512B - Virtual size: 53B

.data
Size: 512B - Virtual size: 200B

.eh_fram
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 1024B - Virtual size: 580B

/4
Size: 512B - Virtual size: 175B

/18
Size: 512B - Virtual size: 56B

/33
Size: 512B - Virtual size: 56B

/46
Size: 4KB - Virtual size: 3KB

/58
Size: 512B - Virtual size: 160B

/70
Size: 1024B - Virtual size: 630B

/86
Size: 512B - Virtual size: 194B