cobaltstrike | 1108-54-0x00000000021F0000-0x0000000002662000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1108-54-0x00000000021F0000-0x0000000002662000-memory.dmp
Size

4.4MB
MD5

d74449da31c03a93df658f0574ccca6a
SHA1

05d3400a17f0d27cb8e93dcebe29176a6fb37443
SHA256

f1934173ddfb8cc5516e001bad673c0739103053e7d940a3af0308365948318d
SHA512

743bc2607691717e852de967eacb5e50c1697e54017ceb229e3d7a2876a2abb28a23b27a5a7055dd0831c32929d7f6d6f2bc508c243c3dbea542e2a8d0b9a816
SSDEEP

3072:eNhWKHXsrtEaLjXIuTvYdJN5yFxTWzHV5/E3t34XPPNLYJNzeITis2VbmAugq:eNhWBXXI2YdYTW7s3qXtLsTiRmAu

Score

10^/10

0 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1108-54-0x00000000021F0000-0x0000000002662000-memory.dmp

Files

1108-54-0x00000000021F0000-0x0000000002662000-memory.dmp
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ