cobaltstrike | 9b93941cd180967710b3052374615e5c9a992b6007f18535b139f59d9f709013

Sharing

Copy URL Twitter E-mail

General

Target

9b93941cd180967710b3052374615e5c9a992b6007f18535b139f59d9f709013
Size

11KB
MD5

b5ead9c2fb6cd5f40601bec78f29ae1f
SHA1

8129e6fb4acc758c6726bb5e32bc926b3d3fdfc8
SHA256

9b93941cd180967710b3052374615e5c9a992b6007f18535b139f59d9f709013
SHA512

d189a90eb1f61a3653fefec195487203e335c539380c850f72c72d08c623ad7e7920e114b2de4cd5fbbc4627b92e83cb51385bb382d9a3573eb98c71b82046a9
SSDEEP

192:mmZQ6uUWPjeyq199DAm4wfcF3Q5tf/rPlIY:mgQ6uUKNqeJFF3pY

Score

10^/10

cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

http://192.168.70.129:7400/KEla

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0)

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b93941cd180967710b3052374615e5c9a992b6007f18535b139f59d9f709013

Files

9b93941cd180967710b3052374615e5c9a992b6007f18535b139f59d9f709013
.exe windows x64

0bbfda4b1ee22ddf5b8a6c601e272ff1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualAlloc
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
RtlCaptureContext

vcruntime140

__C_specific_handler
__current_exception
__current_exception_context
memset
memcpy

api-ms-win-crt-runtime-l1-1-0

terminate
_register_onexit_function
_crt_atexit
_set_app_type
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_seh_filter_exe
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_initialize_onexit_table

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

0bbfda4b1ee22ddf5b8a6c601e272ff1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 512B - Virtual size: 360B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 48B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 512B - Virtual size: 360B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 48B