cobaltstrike | 1236-55-0x0000000002590000-0x0000000002A02000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1236-55-0x0000000002590000-0x0000000002A02000-memory.dmp
Size

4.4MB
MD5

0545b61bc2b85722042106f55644d2a8
SHA1

5fe65f59e8e01696d46435ae80e171a634aefb27
SHA256

104817ddc0416e92308065008361668c360f2a1a9412ad8827ebcb76a8108ce9
SHA512

81674f126b66332ce79a3d1885561887d56bac1133888c4b0d04413424459d056474a74e32787b97a865f5be03ac8a9bdfa526ce7ee64378f434b754e16b023c
SSDEEP

3072:eNhWKHXsrtEaLjXIuTvYdJN5yFxTWzHV5/E3t349r7LtRYJO0zeITissnzEAugq:eNhWBXXI2YdYTW7s3q9hRCTiIAu

Score

10^/10

0 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1236-55-0x0000000002590000-0x0000000002A02000-memory.dmp

Files

1236-55-0x0000000002590000-0x0000000002A02000-memory.dmp
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ