cobaltstrike | 3f46fb85491f0a4ef48889233533fea26237fe8daa2757484e8f81f06eaac4c6

Sharing

Copy URL

Twitter E-mail

General

Target

3f46fb85491f0a4ef48889233533fea26237fe8daa2757484e8f81f06eaac4c6
Size

206KB
MD5

7308c79161e99afcac75190b30c9475c
SHA1

f03ffcf38b1fde66c52332514b2f793225864a59
SHA256

3f46fb85491f0a4ef48889233533fea26237fe8daa2757484e8f81f06eaac4c6
SHA512

bffad7e159fdd4e29972335dc424fb0fef632e59eb4302e49f9410c48cbcf5ccf22efa9b9d1a5e4d562967138d0b1894d43069ec46a772004d6af8a1d3b4e916
SSDEEP

6144:ERquhqMD0cdRScc6stsxB4WLks1YarGR8Wjo/gj:+3hdEjWLks1YarGR85Yj

Score

10^/10

100000000 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000000

http://120.27.109.132:4433/apiv4/getStatus

Attributes

access_type
512
beacon_type
2048
host
120.27.109.132,/apiv4/getStatus
http_header1
AAAACgAAABFYLUNsaWVudDogbm90ZXZpbAAAAAcAAAAAAAAAAwAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAABFYLUNsaWVudDogbm90ZXZpbAAAAAcAAAAAAAAADQAAAAUAAAADa2V5AAAABwAAAAEAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
10000
port_number
4433
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqHVXVZquibQAhttBE06l/oYEadfHtxH9iNqNdLrOuAkNVvvYM8aL2SBgw2oGmAROS72LpWQPrUAluAkkfhU6yJytVpMcXEqmAVYDjFZRtO9DbGYNfGzK6r5ohWytHMwe4XLVx+hGd5sinqnTWEKn96DIt50onjy5eizDIN8VgJQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/apiv4/updateConfig
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Edg/96.0.1054.62
watermark
100000000

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f46fb85491f0a4ef48889233533fea26237fe8daa2757484e8f81f06eaac4c6

Files

3f46fb85491f0a4ef48889233533fea26237fe8daa2757484e8f81f06eaac4c6
.dll windows x86

64a4179f7e7053cfdfae0c649fb23488

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

��

��
��Ô
��
��
��
��
��
��
��
��
��
��
��
��
��
��.��Z��
��.��Z��
��.��Z��
��Z��
��
��ê��0��񅪱��1��񍦻��
��0��񅪱��1��񍦻��
��񅪱��1��񍦻��
��񍦻��
��
��
��񐭢��
��
��
��
��A��y
��y
��
��
��x
��>��j��
��j��
��
��u��
��
��
��
��
��Ý��á��
��á��
��
��
��
��
��G��
��
��C��񅪱��
��񅪱��
��񍦻��\��
��
��
��
��
��
��
��V
��é��V
��
��
��
��
��
��
��
��A��
��
��
��
��f��
��d��f��
��
��
��
��Z��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��Ù��
��
��
��æ��
��æ��
��[��æ��
��
��
��K��
��ÿ��K��
��
��
��
��W��
��
��l
��
��
��í��
��
��ß��
��
��þ
��
��
��
��;��
��
��
��4��2��
��4��2��
��2��
��
��3��
��
��
��
��Ò��z��Ã��
��z��Ã��
��Ã��
��
��
��
��
��
��Ð��m��n��
��ì
��
��
��
��
��M
��
��
��
��
��Ê��
��
��^��
��z
��
��w
��
��n��
��m��n��

��r

��
��
��
��
��
��
��Z
��
��j
��Ü
��
��

��

ord52
ord19
��
ord115
ord116
ord23
��
ord14
ord9
ord8
ord4
ord15
ord16
ord22
ord111
ord10
ord1
ord13
ord151
ord2
ord18
ord3

Exports

Exports

_xdfdskfekfkhiehh@4

Sections

��
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

��
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 8KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

64a4179f7e7053cfdfae0c649fb23488

Headers

DLL Characteristics

File Characteristics

Imports

�������������

������������r

�����������

Exports

Exports

Sections

������ Size: 149KB - Virtual size: 148KB

������� Size: 39KB - Virtual size: 39KB

������ Size: 8KB - Virtual size: 41KB

������� Size: 8KB - Virtual size: 7KB

��

��r

��

��
Size: 149KB - Virtual size: 148KB

��
Size: 39KB - Virtual size: 39KB

��
Size: 8KB - Virtual size: 41KB

��
Size: 8KB - Virtual size: 7KB