cobaltstrike | 7067473988c30a0fb33ba963624ac6c03d045e8656c51d1e7574f75e1f8aa7c6

Sharing

Copy URL Twitter E-mail

General

Target

7067473988c30a0fb33ba963624ac6c03d045e8656c51d1e7574f75e1f8aa7c6
Size

270KB
MD5

057da719377663a5766e7cc06d91fbba
SHA1

9be567da4773e2612e0108d8427b8b5eb9443d16
SHA256

7067473988c30a0fb33ba963624ac6c03d045e8656c51d1e7574f75e1f8aa7c6
SHA512

070303c7abcf374f5168305767c94750b3a6fc0c023e38bcfaaccc84d643082f616d523bcb707ce832ec588dcf204b54edfa99a06f826adfe009887be0f05e9c
SSDEEP

6144:YEG8cZDtrGYpzjr4OVMvvOJJMmGMmw9IArBcvIH/:DQZDtrLpjr1VMvv4JMJMPIArBcvu

Score

10^/10

cobaltstrike

Malware Config

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7067473988c30a0fb33ba963624ac6c03d045e8656c51d1e7574f75e1f8aa7c6

Files

7067473988c30a0fb33ba963624ac6c03d045e8656c51d1e7574f75e1f8aa7c6
.exe windows:6 windows x64

ba427c94a2f588cdd1f786c5c3171e4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleW
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualAlloc

vcruntime140

__C_specific_handler
__current_exception
__current_exception_context
memcpy
memset

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
_c_exit
_cexit
_configure_narrow_argv
_crt_atexit
_exit
_get_initial_narrow_environment
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_register_onexit_function
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_set_app_type
exit
terminate

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba427c94a2f588cdd1f786c5c3171e4b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 260KB - Virtual size: 259KB

.pdata Size: 512B - Virtual size: 312B

.00cfg Size: 512B - Virtual size: 56B

.retplne Size: 512B - Virtual size: 140B

.rsrc Size: 512B - Virtual size: 424B

.reloc Size: 512B - Virtual size: 112B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 260KB - Virtual size: 259KB

.pdata
Size: 512B - Virtual size: 312B

.00cfg
Size: 512B - Virtual size: 56B

.retplne
Size: 512B - Virtual size: 140B

.rsrc
Size: 512B - Virtual size: 424B

.reloc
Size: 512B - Virtual size: 112B