cobaltstrike | 1288-55-0x0000000000310000-0x000000000035F000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1288-55-0x0000000000310000-0x000000000035F000-memory.dmp
Size

316KB
MD5

9ef534e59c17e5f9ac8ef881480b573b
SHA1

6cc822b694ee7db94e8cd34c9cc30fb7171f4ff7
SHA256

e95f309e42fd78744649c637ccdcec6277d5514cc45fae56714ea42725fcc5c6
SHA512

bc4ee71a4208aa33b98ef7e0c8eae3187b6189234d18bdc6636e5a6ea3aad8e3942293a4146f47b663e21cee9bbe0b6bf48f195373648aac41fb80e77d1d19fd
SSDEEP

6144:uJqVG5d1IpMyibgkTZI6jHID90ax7b5SH/:u3d6tevoxh7b50

Score

10^/10

0 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1288-55-0x0000000000310000-0x000000000035F000-memory.dmp

Files

1288-55-0x0000000000310000-0x000000000035F000-memory.dmp
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ