cobaltstrike | 5e9d8ce49a6671ee41feda5a3b3941bd45ed534d8a4a35134550d03a932554e1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e9d8ce49a6671ee41feda5a3b3941bd45ed534d8a4a35134550d03a932554e1
Size

946KB
MD5

5e5c152cb7d5c3d8b2008fd05d7f6780
SHA1

6f5819a0d8ae8fc73b836fd6fec59f1363fe616f
SHA256

5e9d8ce49a6671ee41feda5a3b3941bd45ed534d8a4a35134550d03a932554e1
SHA512

8919b9ea21eff1daf6f6d7c2b63c9c2129580373ad3edb67de6646d3a3f4ec135fed0fecc0dded437a1c19bcf46842c21857a750374e24f75448312e0ba8b82e
SSDEEP

12288:xqwJzxGsOFdVFU+eEtt24m12QVlrStSdLpYgD0aTCCRqSGrSc:4wJVOFZU+eEtg128ln1p3w7

Score

10^/10

cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

C2

http://35.235.86.69:80/Eju9

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2)

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e9d8ce49a6671ee41feda5a3b3941bd45ed534d8a4a35134550d03a932554e1

Files

5e9d8ce49a6671ee41feda5a3b3941bd45ed534d8a4a35134550d03a932554e1
.exe windows:4 windows x86

0d6b2433b9af4c1382ad94472120d6be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

winmm

timeBeginPeriod

ws2_32

WSAGetOverlappedResult

ntdll

NtWaitForSingleObject

advapi32

CryptReleaseContext
CryptGenRandom
CryptAcquireContextW

kernel32

WriteFile
WriteConsoleW
WaitForSingleObject
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetThreadPriority
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
LoadLibraryA
LoadLibraryW
GetThreadContext
GetSystemInfo
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerA
CreateThread
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 933KB - Virtual size: 933KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ