cobaltstrike | cs[.]bin[.]exe

Resubmissions

20/07/2023, 06:46

230720-hjr6fsdg6x 10

27/11/2022, 13:17

221127-qjc1jaae72 10

Sharing

Copy URL Twitter E-mail

General

Target

cs.bin.exe
Size

255KB
MD5

5fe7fe521eccb38da629d35b188d6d18
SHA1

744ae484ea02df2588a5ba0987ede6f4cbc5882f
SHA256

ce9b0e73874f72dce7901b00fa90716b8fd5ccbda4c4560b3a6866acd7ccdddd
SHA512

8eba1e76b69cf4f208645dd8308af03cf238b8bdd50ac9666a3059b5ee57ae27f446bb8e65f5c164b9cee3b584767c4ef0d3acd4160d72bffa8559dd78c56023
SSDEEP

3072:mr+U7LVLn1BFdjGQX8dbDCRUCnhqxmTy1WOeJfUuIRrT10ZFPjEzcuT5wxAgYJuN:mr+USu+WOeOTCjLEIuTtgi+w2

Score

10^/10

0 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://159.223.12.60:80/dz

Attributes

access_type
512
host
159.223.12.60,/dz
http_header1
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAAZQWNjZXB0LUVuY29kaW5nOiBnemlwLCBicgAAAAcAAAAAAAAADwAAAAMAAAACAAAANXdvcmRwcmVzc19sb2dnZWRfaW5fMTg3MGE4MjlkOWJjNjlhYmY1MDBlY2E2ZjAwMjQxZmU9AAAABgAAAAZDb29raWUAAAAJAAAAC2dyYW50PWZhbHNlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAABFDb25uZWN0aW9uOiBjbG9zZQAAAAoAAAATQWNjZXB0LUVuY29kaW5nOiBicgAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAAAAHAAAAAQAAAAsAAAADAAAAAgAAAAZwaG90bz0AAAAEAAAABwAAAAAAAAADAAAAAgAAAA5fX3Nlc3Npb25fX2lkPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
jitter
10496
maxdns
255
polling_time
19506
port_number
80
sc_process32
%windir%\syswow64\runonce.exe
sc_process64
%windir%\sysnative\runonce.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChMiQ5CKLe76n0aDzYWgdbVN41NzsUX3VHHULF4O0aq5bqjeyM0q9SICkYWgzxPWj6IcNsqyQXAV9lOcH/HZxqfUFl6/dyDxTPvnmau5833UR1acphagCgBJGdyCuAQ90gzI32fcDOFtRuDYTkelV3R9loA6ODEUCuawNMv6vJbQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4.272630272e+09
unknown2
AAAABAAAAAIAAAFSAAAAAwAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/panel
user_agent
Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202
watermark
0

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cs.bin.exe

Files

cs.bin.exe
.dll windows x64

c7aef98e60a4a98b041b1e6d214850ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_SYSTEM

Imports

��ઢ��

��
��
��=��
��
��
��
��
��
��
��
��+��
��+��
��
��
��
��
��p
��`��
��
��
��
��
��
��
��
��
��
��
��
��
��Ή
��Ή
��
��'��΀��
��΀��
��
��Ώ��Έ
��Έ
��
��
��
��
��n��
��
��
��
��
��
��
��f��
��
��
��Λ��
��
��
��
��
��
��
��
��
��
��
��
��
��
��Z��
��i��Z��
��
��
��
��
��
��]��
��4��]��
��
��
��
��
��δ��
��e��δ��
��
��>��
��
��
��a��
��Ώ
��
��
��
��
��d
��
��
��
��Ό��
��
��
��΀��
��
��
��΁
��
��
��
��
��
��L��
��
��
��
��Ό��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��j��
��j��
��j��
��
��
��
��x�� Π��
��x�� Π��
�� Π��
��Π��
��
��
��
��
��
��ΰ
��
��
��
��
��
��Ή��
��ΐ��Ή��
��
��
��
��
��d��
��~
��
��{
��s��{
��Ζ��s��{
��

��ઢ�ι��ઢ��

��q
��
��
��
��
��
��
��
��
��k

��ઢ��

ord15
ord23
ord19
ord4
ord3
ord12
ord115
ord57
ord52
ord14
ord9
ord8
ord10
ord16
ord22
ord111
ord151
ord1
ord2
ord13
ord18
ord116

Exports

Exports

NetworkDebug

Sections

ຫ��
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

༪��
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ય��
Size: 9KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ྪ��
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

༫��
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

c7aef98e60a4a98b041b1e6d214850ff

Headers

DLL Characteristics

File Characteristics

Imports

��������ઢ��

�������ઢ�ι�����ઢ��

������ઢ��

Exports

Exports

Sections

ຫ��� Size: 169KB - Virtual size: 169KB

༪���� Size: 62KB - Virtual size: 62KB

ય��� Size: 9KB - Virtual size: 49KB

ྪ���� Size: 8KB - Virtual size: 8KB

༫���� Size: 4KB - Virtual size: 3KB

��ઢ��

��ઢ�ι��ઢ��

��ઢ��

ຫ��
Size: 169KB - Virtual size: 169KB

༪��
Size: 62KB - Virtual size: 62KB

ય��
Size: 9KB - Virtual size: 49KB

ྪ��
Size: 8KB - Virtual size: 8KB

༫��
Size: 4KB - Virtual size: 3KB