cobaltstrike | 2468-30-0x00000000020A0000-0x00000000020EF000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2468-30-0x00000000020A0000-0x00000000020EF000-memory.dmp
Size

316KB
MD5

1179949bb715d559ef6435935e96d482
SHA1

bcb790504adb1870f0013c65a0b77bc416070feb
SHA256

129dca6f22cff300561a7d49c2971338ff9b00eae304d31f76e4ff7bb3623d0b
SHA512

0eb333f91cf5c1d0e8ed972b70d9a7e6ab6b7194b920db3abbaf323b920e33934abeef0bbc5932db4369c225eba73f784ca901465b3c86168a3863ee2989b47e
SSDEEP

6144:uJqVG5d1IpMyibgkTZI6jHID90acGEQH/:u3d6tevoxsGEm

Score

10^/10

0 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2468-30-0x00000000020A0000-0x00000000020EF000-memory.dmp

Files

2468-30-0x00000000020A0000-0x00000000020EF000-memory.dmp
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ