Behavioral task: behavioral1
Sample: 43fb4c1abaa3a8d79300fcc9eb12214a0b821ffe32f6389cd5e45ba5360e06aa.dll
Resource: win10v2004-20230221-en
General
Target: 4abd5dd8377e5810116f3665bd8d92f0.zip
Size: 125KB
MD5: 0d88f653d7e663779aa40f738626c3c3
SHA1: faa0afa395b20cda8e66ffe8580cfff96925bb21
SHA256: 0436aa3ca7a866433ad800a72ccf479f62e68d966d1363113b1a290fead72137
SHA512: 2f5e6512e7a0eea830f5126ee43f381a6ec0cde8471edc8855fc15b02d0c6cd852fa0e3b4af376efe37e69e1f2f21a51178eac8172795b9676fbbf760291a46e
SSDEEP: 3072:DNdlbwbf9y6fMJaLFH2K8mBFn+KJR0vAJF:Draw6fhRH2YBYKEv6
Malware Config
Extracted
cobaltstrike
0
-
watermark
0
Signatures
-
Cobaltstrike family
Files
-
4abd5dd8377e5810116f3665bd8d92f0.zip.zip
Password: infected
-
43fb4c1abaa3a8d79300fcc9eb12214a0b821ffe32f6389cd5e45ba5360e06aa.exe.dll windows x64
Password: infected
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.text Size: 169KB - Virtual size: 169KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 62KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ