cobaltstrike | 53e041f7c2056fd6f6c4575c9773027422d2e0de1f59366bf0ff6398332fff79

Sharing

Copy URL Twitter E-mail

General

Target

53e041f7c2056fd6f6c4575c9773027422d2e0de1f59366bf0ff6398332fff79
Size

13KB
MD5

0c4cb43d130160b43181467c28e6a28a
SHA1

e805489b7c49d5bebd5831c22928877e6bcc790a
SHA256

53e041f7c2056fd6f6c4575c9773027422d2e0de1f59366bf0ff6398332fff79
SHA512

704d6e6ff4bde93b465e0ed218a5201cba9634602be22551700bf47ceb31ca99c019cc5da4f5390c35cb9f7df0dfafb15b8c862148cfe4ce4d506af699317e61
SSDEEP

192:WM612oQWQY9WEMj/eoZ1kjfnHHWX/XkcW6v1cW5tfqc:Wn2oQWz9WbLZ1kjfn2I6v1c

Score

10^/10

cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

http://192.168.238.129:80/JoVN

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MANM)

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
53e041f7c2056fd6f6c4575c9773027422d2e0de1f59366bf0ff6398332fff79

Files

53e041f7c2056fd6f6c4575c9773027422d2e0de1f59366bf0ff6398332fff79
.exe windows:6 windows x64

b1a41ce47460d31f4ef1c4d682332459

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcAddress
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
LoadLibraryA
GetLastError
GetCurrentProcess
QueryPerformanceCounter
GetCurrentProcessId
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
UnhandledExceptionFilter

advapi32

CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
CryptAcquireContextA

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

vcruntime140

memcpy
memset
__current_exception_context
__current_exception
__C_specific_handler

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__acrt_iob_func
__p__commode
__stdio_common_vfwprintf

api-ms-win-crt-runtime-l1-1-0

_initterm_e
exit
_exit
_initterm
_get_initial_wide_environment
_cexit
_initialize_wide_environment
_register_thread_local_exe_atexit_callback
_configure_wide_argv
_set_app_type
__p___argc
_seh_filter_exe
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_c_exit
__p___wargv

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

b1a41ce47460d31f4ef1c4d682332459

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ntdll

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 408B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 56B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 408B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 56B