Behavioral task: behavioral1
Sample: 65086936f877e647c8f01496b7b54abcdd8a8bc8ef8dbbf80a6771001cdc0e8c.dll
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: 65086936f877e647c8f01496b7b54abcdd8a8bc8ef8dbbf80a6771001cdc0e8c.dll
Resource: win10v2004-20230831-en
General
Target: 65086936f877e647c8f01496b7b54abcdd8a8bc8ef8dbbf80a6771001cdc0e8c
Size: 6KB
MD5: f648ef439e3ef1851acd754716cef2a6
SHA1: 75625d7a1935f8065a25ae75dab6617b0604b709
SHA256: 65086936f877e647c8f01496b7b54abcdd8a8bc8ef8dbbf80a6771001cdc0e8c
SHA512: 5866efe71a4681c9f6ca464e72d0bf49c7a1ff18467f0df9f955beca6c0cd45462705795d11caf1eb9ae9e503ff427686a57490df8de9780ef2c9bd51ad6fa60
SSDEEP: 96:E7mNMWHMSLUT012/4CaADwNdZmMlTQP3ukq5vrcSepEAJqx:EIMkOaZzmMtQWfxcSQs
Malware Config
Extracted: cobaltstrike
http://service-mxd9ixv3-1255936572.sh.apigw.tencentcs.com:443/logo64x64.gif
user_agent: Accept: text/html,application/xml;*/*; Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 Host: service-mxd9ixv3-1255936572.sh.apigw.tencentcs.com
Signatures
- Cobaltstrike family
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 65086936f877e647c8f01496b7b54abcdd8a8bc8ef8dbbf80a6771001cdc0e8c

Files
- 65086936f877e647c8f01496b7b54abcdd8a8bc8ef8dbbf80a6771001cdc0e8c.dll (windows x86)
  dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL

Imports
mscoree: _CorDllMain

Sections
.text - Size: 4KB - Virtual size: 4KB - IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc - Size: 1024B - Virtual size: 808B - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc - Size: 512B - Virtual size: 12B - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ