cobaltstrike | 3748-377-0x000002156F990000-0x000002156F9DE000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3748-377-0x000002156F990000-0x000002156F9DE000-memory.dmp
Size

312KB
MD5

5d33e26e038cade7445b6f9765d9a450
SHA1

d5d386b694b4277220533de5d7a595c527330215
SHA256

d6fa44bef0994866e2c871895634366b3ac945aec5b5cf063d05d7ed4ca38703
SHA512

cfdf103b2f2dab6e02be4bc2f7ce340a4103dd74e45eb4351d7f86a0da85ebef26c9e1a94ca89f20100a2c66be152431093c055a24ff4a7c517c944addf03b40
SSDEEP

3072:ksYckn3Xzq4IDwSK2Mbn/gprEJwJNJsCwQTIfXouPruOOTRbLJ9AYJ+rCotiiiiC:ksYwjwIGIprEJweGTIDjhOTR3Aw/

Score

10^/10

0 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3748-377-0x000002156F990000-0x000002156F9DE000-memory.dmp

Files

3748-377-0x000002156F990000-0x000002156F9DE000-memory.dmp
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ