cobaltstrike | 0f42363ac7c021361fb8577a2849160353432d2ee3fa15fa718e6d1ad474d072

Sharing

Copy URL

Twitter E-mail

General

Target

0f42363ac7c021361fb8577a2849160353432d2ee3fa15fa718e6d1ad474d072
Size

2.2MB
MD5

6db52c6f51326e1651e07c23e80d33e1
SHA1

1b4b8d9190269d8ce57f4d9c68ac4995678a75ad
SHA256

0f42363ac7c021361fb8577a2849160353432d2ee3fa15fa718e6d1ad474d072
SHA512

d4626d56b5917ffd422d05469486c06513b2377762f750bcee0f88dcc1d65e25faa0bebba9705ae392a7c7a8b1d11e3323b42ee302a56cccdb0f08741c28b73a
SSDEEP

24576:TgHXOUVe9hUB4aVVE3c+n0SJvB9wvbmYBLT2HCJ6clMi81s3AKwGh15:TgHXOX9hUB4aVVEW0C6IT2HuwGh15

Score

10^/10

cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

http://192.168.126.135:80/M5nm

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MASP)

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f42363ac7c021361fb8577a2849160353432d2ee3fa15fa718e6d1ad474d072

Files

0f42363ac7c021361fb8577a2849160353432d2ee3fa15fa718e6d1ad474d072
.exe windows x64

d965a9ce1f3703f07ef48e3c3662b03f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
CreateSemaphoreW
DeleteCriticalSection
EnterCriticalSection
FormatMessageA
GetCurrentThreadId
GetLastError
GetModuleHandleW
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
LocalFree
MultiByteToWideChar
RaiseException
ReleaseSemaphore
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_commode
_errno
_filelengthi64
_fileno
_fmode
_fstat64
_initterm
_lseeki64
_onexit
_wfopen
abort
calloc
exit
fclose
fflush
fgetpos
fopen
fprintf
fputc
fputs
fread
free
fsetpos
fwrite
getc
getwc
iswctype
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
putc
putwc
realloc
setlocale
setvbuf
signal
strcmp
strcoll
strerror
strftime
strlen
strncmp
strxfrm
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcsftime
wcslen
wcsxfrm
_write
_read
_fileno
_fdopen
_close

Sections

.text
Size: 715KB - Virtual size: 714KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 978B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/97
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/113
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

d965a9ce1f3703f07ef48e3c3662b03f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 715KB - Virtual size: 714KB

.data Size: 12KB - Virtual size: 11KB

.rdata Size: 67KB - Virtual size: 66KB

.pdata Size: 43KB - Virtual size: 42KB

.xdata Size: 60KB - Virtual size: 60KB

.bss Size: - Virtual size: 3KB

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 96B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 6KB - Virtual size: 5KB

/4 Size: 2KB - Virtual size: 2KB

/19 Size: 96KB - Virtual size: 96KB

/31 Size: 18KB - Virtual size: 18KB

/45 Size: 39KB - Virtual size: 39KB

/57 Size: 11KB - Virtual size: 11KB

/70 Size: 1024B - Virtual size: 978B

/81 Size: 8KB - Virtual size: 7KB

/97 Size: 50KB - Virtual size: 50KB

/113 Size: 2KB - Virtual size: 1KB

.text
Size: 715KB - Virtual size: 714KB

.data
Size: 12KB - Virtual size: 11KB

.rdata
Size: 67KB - Virtual size: 66KB

.pdata
Size: 43KB - Virtual size: 42KB

.xdata
Size: 60KB - Virtual size: 60KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 6KB - Virtual size: 5KB

/4
Size: 2KB - Virtual size: 2KB

/19
Size: 96KB - Virtual size: 96KB

/31
Size: 18KB - Virtual size: 18KB

/45
Size: 39KB - Virtual size: 39KB

/57
Size: 11KB - Virtual size: 11KB

/70
Size: 1024B - Virtual size: 978B

/81
Size: 8KB - Virtual size: 7KB

/97
Size: 50KB - Virtual size: 50KB

/113
Size: 2KB - Virtual size: 1KB