Behavioral task
behavioral1
Sample
2023-08-23_5a0ce502c410f038b312ed7fc5d56790_cobalt-strike_cobaltstrike_meterpreter_JC.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2023-08-23_5a0ce502c410f038b312ed7fc5d56790_cobalt-strike_cobaltstrike_meterpreter_JC.dll
Resource
win10v2004-20230831-en
General
-
Target
2023-08-23_5a0ce502c410f038b312ed7fc5d56790_cobalt-strike_cobaltstrike_meterpreter_JC.exe
-
Size
205KB
-
MD5
5a0ce502c410f038b312ed7fc5d56790
-
SHA1
b930ea057159303a97cc5e8dff6f200622e03b0a
-
SHA256
171932622f0002dd02216a7aab2b05054188d557f13bcdd581f5874dca74b807
-
SHA512
c09f7d3b3028455c3cf223a9581f1cecfb1d70263da6b544cfa6c3a3d2846e8135db81ae5d938fe40f3b22207c90f622098130838f758d09c6ada6efc24ca29f
-
SSDEEP
3072:aDszhvVWyEfeNZCR648C9DpOtpsoY/kekBtcYvuFPNjtUyDy75T:aD4Ef6Z4x8C5pGpsoK5Yv0FjVY
Malware Config
Signatures
-
Cobalt Strike reflective loader 1 IoCs
Detects the reflective loader used by Cobalt Strike.
resource yara_rule sample cobalt_reflective_dll -
Cobaltstrike family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2023-08-23_5a0ce502c410f038b312ed7fc5d56790_cobalt-strike_cobaltstrike_meterpreter_JC.exe
Files
-
2023-08-23_5a0ce502c410f038b312ed7fc5d56790_cobalt-strike_cobaltstrike_meterpreter_JC.exe.dll windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.text Size: 148KB - Virtual size: 148KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ