cobaltstrike | d82eeba0ce83982e09e1fd6ea3537e56df403b8d84ee4d8df3b9c1b1447a8165

Sharing

Copy URL Twitter E-mail

General

Target

d82eeba0ce83982e09e1fd6ea3537e56df403b8d84ee4d8df3b9c1b1447a8165
Size

853KB
MD5

55590e11136cddea03e4df413f1fac4c
SHA1

77ffb0f037cbb7f303a5d189e2ff06caca4f0149
SHA256

d82eeba0ce83982e09e1fd6ea3537e56df403b8d84ee4d8df3b9c1b1447a8165
SHA512

92798bb6e4c7565c01e3639c4f273a310d2854908ed6fa986f8806b6c27f937b4eb7f2bfe6ced2588b5bb5e7b58d7c351c30f0d625d231659eff3560e946903d
SSDEEP

6144:4exTYxzDjbmfPW4XcsYwjwIGIproJweGTIDjhOTRFQ8AbslV5YFeH3N+XhBkzJvQ:dhPWHE/EwehmQ8F/H3N+RBKJvQ

Score

10^/10

1234567890 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

1234567890

http://39.106.227.92:8445/updates.rss

Attributes

access_type
512
beacon_type
8192
host
39.106.227.92,/updates.rss
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
60000
port_number
8445
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChc+sS8SexwHwOSwIh7EKbmiP5/FATq8K59r7gWDqpxLfbixTSNybQ9sfRQAJ0kysobYr0K5fepX7gmTXB1i2DngroboLLPg3lHWHTH3WAyGQ4HzkswWoyD5fdOSK4OQ7gigzqCWQenOuOh2cAJ9jPm7ijm3S9Ve2LSm3WC+0JZwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)
watermark
1234567890

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d82eeba0ce83982e09e1fd6ea3537e56df403b8d84ee4d8df3b9c1b1447a8165

Files

d82eeba0ce83982e09e1fd6ea3537e56df403b8d84ee4d8df3b9c1b1447a8165
.exe windows:6 windows x64

1965ca6ac6bc25b1942b81d0f28730f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
GetFileAttributesW
GetFileSize
GetFileType
ReadFile
SetEndOfFile
SetFileAttributesW
SetFilePointer
WriteFile
GetTempPathW
IsDebuggerPresent
EncodePointer
DecodePointer
CloseHandle
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
SetErrorMode
QueryPerformanceCounter
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
HeapSetInformation
DeviceIoControl
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
Sleep
GetProcessTimes
GetCurrentProcess
GetCurrentProcessId
ExitProcess
TerminateProcess
CreateThread
GetCurrentThreadId
OpenThread
ExitThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetStartupInfoW
OpenProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetLocalTime
GetTickCount
GetWindowsDirectoryW
GetVersionExW
CreateFileW
VirtualFree
VirtualProtect
VirtualQueryEx
ReadProcessMemory
WriteProcessMemory
FindResourceExW
FreeResource
GetModuleFileNameW
GetModuleHandleW
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetThreadSelectorEntry
SetHandleCount
lstrcpyW
lstrcatW
lstrlenW
LoadLibraryW
FindResourceW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileSectionW
CopyFileW
MoveFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LCMapStringW
IsDBCSLeadByte
GetSystemDefaultLCID
GetConsoleCP
GetConsoleMode
WriteConsoleW
OutputDebugStringW
LoadLibraryExW
SetFilePointerEx
RtlUnwindEx
GetModuleFileNameA
GetModuleHandleExW
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlPcToFileHeader
GetCommandLineA
CreateFileA
CreateDirectoryW
SetCurrentDirectoryW
GetCommandLineW
SetStdHandle
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
RtlUnwind
LoadLibraryA
GetProcAddress
FreeLibrary
VirtualAlloc
OutputDebugStringA

user32

MapWindowPoints
GetSysColorBrush
SetWindowLongW
GetDesktopWindow
GetWindowThreadProcessId
LoadIconW
LoadImageW
DrawIconEx
MapDialogRect
GetGuiResources
BeginPaint
ReleaseDC
GetDC
DrawTextW
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
EnableMenuItem
DestroyMenu
CreatePopupMenu
GetSystemMenu
EnableWindow
KillTimer
SetTimer
ClientToScreen
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
InvalidateRect
SendMessageW
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassExW
GetKeyState
EmptyClipboard
RegisterClipboardFormatW
SetClipboardData
CloseClipboard
OpenClipboard
SendDlgItemMessageW
SetDlgItemTextW
GetDlgItem
EndDialog
DialogBoxParamW
SetWindowPos
ShowWindow
DestroyWindow
IsWindow
CreateWindowExW
GetClassInfoExW
EndPaint

gdi32

SetTextColor
SetBkMode
SelectObject
GetStockObject
CreateFontW
DeleteObject

advapi32

RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW

shell32

SHBindToParent
SHGetDesktopFolder
SHGetSpecialFolderPathW
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW

ole32

OleUninitialize
OleInitialize
CreateStreamOnHGlobal
DoDragDrop

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 263KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

1965ca6ac6bc25b1942b81d0f28730f0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 138KB - Virtual size: 137KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 263KB - Virtual size: 272KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 392KB - Virtual size: 391KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 138KB - Virtual size: 137KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 263KB - Virtual size: 272KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 392KB - Virtual size: 391KB

.reloc
Size: 2KB - Virtual size: 1KB