cobaltstrike | 036b324595533a5ad46658348c8dc2c01e89aa45a2969bb08a16268004a16f70 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

036b324595533a5ad46658348c8dc2c01e89aa45a2969bb08a16268004a16f70
Size

946KB
MD5

e5c2bd22254015c81d4391b4458832ea
SHA1

fb1e5d6bd47054e4cd249fdb47724a82456a7f0c
SHA256

036b324595533a5ad46658348c8dc2c01e89aa45a2969bb08a16268004a16f70
SHA512

2dcdf201f5b28f89a656f4ebf5d5a44d5054ec33a6255f8f0fabf167919058e92d42f372c84b57fc320b8909762300b9304ed77a9f1616e3d8052134f890d2fa
SSDEEP

12288:AqwJzxGsOFdVFU+eEtt24m12QVlrStSdLpY/Vi6cE+SnINlb8y:NwJVOFZU+eEtg128ln1pWi6N

Score

10^/10

cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.11.128:80/Z9fd

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; FunWebProducts)

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
036b324595533a5ad46658348c8dc2c01e89aa45a2969bb08a16268004a16f70

Files

036b324595533a5ad46658348c8dc2c01e89aa45a2969bb08a16268004a16f70
.exe windows:4 windows x86

0d6b2433b9af4c1382ad94472120d6be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

winmm

timeBeginPeriod

ws2_32

WSAGetOverlappedResult

ntdll

NtWaitForSingleObject

advapi32

CryptReleaseContext
CryptGenRandom
CryptAcquireContextW

kernel32

WriteFile
WriteConsoleW
WaitForSingleObject
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetThreadPriority
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
LoadLibraryA
LoadLibraryW
GetThreadContext
GetSystemInfo
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerA
CreateThread
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 933KB - Virtual size: 933KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ