cobaltstrike | 33c5d8d9af6f4e08dfb7e2978e16c4a0d5249b20b207d0dd9e2630e98cd49b70

Sharing

Copy URL Twitter E-mail

General

Target

33c5d8d9af6f4e08dfb7e2978e16c4a0d5249b20b207d0dd9e2630e98cd49b70
Size

48KB
MD5

fdbcd841bdf1bc00f2c8896afbddf3ff
SHA1

9b09345af2d22e705be42970a6ddd5e2688ec6a8
SHA256

33c5d8d9af6f4e08dfb7e2978e16c4a0d5249b20b207d0dd9e2630e98cd49b70
SHA512

7222f6187a85139c7907d6aec3886e353b34a0c211e477ae5b0944cd90ed8836345ef27c7ae654c26a292722924400e5ff2ae8d6003a8be9bb6a5b0f80ccd880
SSDEEP

768:X9crojS2MqJRJMomfB3xMizAGNHCHnxtKTQ3bxdjcrN0oNPqfuQ:2qJRmHZzAGQHrU+dhfuQ

Score

10^/10

cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

http://8.137.10.228:50061/7msF

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; msn OptimizedIE8;ENUS)

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33c5d8d9af6f4e08dfb7e2978e16c4a0d5249b20b207d0dd9e2630e98cd49b70

Files

33c5d8d9af6f4e08dfb7e2978e16c4a0d5249b20b207d0dd9e2630e98cd49b70
.dll windows x64

4eacd9b7a4ee4950828e28822605c7d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

python310

PyModule_NewObject
PyMethod_Type
PyType_IsSubtype
PyCode_NewWithPosOnlyArgs
_Py_Dealloc
PyTuple_GetItem
PyImport_GetModuleDict
PyModule_GetDict
PyObject_Free
PyErr_ExceptionMatches
PyObject_GC_Del
PyObject_ClearWeakRefs
PyObject_Not
PyUnicode_AsUTF8
PyUnicode_FromFormat
PyList_New
PyImport_AddModule
PyType_Ready
PyObject_GetAttrString
PyErr_Clear
PyUnicode_Decode
_PyObject_GenericGetAttrWithDict
_Py_FalseStruct
PyDict_New
_PyDict_GetItem_KnownHash
PyMem_Free
PyErr_NoMemory
PyDict_GetItemString
PyModuleDef_Init
PyObject_GC_Track
PyBytes_FromStringAndSize
PyExc_TypeError
PyMem_Realloc
PyObject_IsTrue
PyExc_NameError
PyTuple_Pack
PyMem_Malloc
Py_EnterRecursiveCall
PyExc_ImportError
_Py_TrueStruct
PyExc_SystemError
_PyObject_GC_New
PyUnicode_FromString
PyObject_Call
PyUnicode_FromStringAndSize
_PyObject_GetDictPtr
PyImport_GetModule
PyErr_Format
PyDict_Next
PyErr_SetString
PyNumber_Multiply
PyTuple_GetSlice
PyExc_AttributeError
PyDict_Size
PyDict_SetItemString
PyLong_FromString
PyTuple_New
_Py_NoneStruct
PyObject_GetAttr
Py_GetVersion
PyInterpreterState_GetID
PyObject_Hash
PyObject_GC_UnTrack
PyLong_FromLong
PyObject_SetAttrString
PyMethod_New
PyExc_RuntimeError
_PyThreadState_UncheckedGet
PyTraceBack_Here
PyObject_GenericGetAttr
PyLong_FromSsize_t
PyErr_Occurred
PyImport_ImportModuleLevelObject
Py_LeaveRecursiveCall
PyFrame_New
PyExc_RuntimeWarning
PyErr_WarnEx
PyErr_GivenExceptionMatches
PyCode_NewEmpty
PyThreadState_Get
PyOS_snprintf
PyCFunction_Type
PyUnicode_InternFromString
PyObject_SetAttr
PyDict_SetItem
PyBaseObject_Type

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
IsDebuggerPresent
InitializeSListHead

vcruntime140

__C_specific_handler
memset
__std_type_info_destroy_list
strrchr
memcpy

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initterm
_execute_onexit_table
_cexit
_initialize_onexit_table

Exports

Exports

PyInit_execute

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

4eacd9b7a4ee4950828e28822605c7d7

Headers

DLL Characteristics

File Characteristics

Imports

python310

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 200B

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 200B