Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Behavioral task
behavioral1
Sample
2023-08-25_e8291d75e5dcfb3096f4bdaa13ccabf0_cobalt-strike_cobaltstrike_meterpreter_JC.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2023-08-25_e8291d75e5dcfb3096f4bdaa13ccabf0_cobalt-strike_cobaltstrike_meterpreter_JC.dll
Resource
win10v2004-20230915-en
General
-
Target
2023-08-25_e8291d75e5dcfb3096f4bdaa13ccabf0_cobalt-strike_cobaltstrike_meterpreter_JC.exe
-
Size
218KB
-
MD5
e8291d75e5dcfb3096f4bdaa13ccabf0
-
SHA1
3ab63d4c4f8d3cf262841db601869ce3c2a47e80
-
SHA256
0656e195b038acae78a5f0bd2c7f54bc7453ce2b248599e01082df0cbef2f544
-
SHA512
e3d0236e1cd4b973de9f02b20610a3fa01755cc73c85b1bbf4430cfdf4dcbc78e9383d278c542b96af3656a3459ac60e531f9b3808849879befcf434552d71f5
-
SSDEEP
3072:sjOnlxzSQPohlI4qd8Iw04H5iS++Jf+l3wvy/MfLi/hJjNU25D:sj4PPoXI4w8I1+in+RoAPfLi/nj
Malware Config
Signatures
-
Cobalt Strike reflective loader 1 IoCs
Detects the reflective loader used by Cobalt Strike.
resource yara_rule sample cobalt_reflective_dll -
Cobaltstrike family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2023-08-25_e8291d75e5dcfb3096f4bdaa13ccabf0_cobalt-strike_cobaltstrike_meterpreter_JC.exe
Files
-
2023-08-25_e8291d75e5dcfb3096f4bdaa13ccabf0_cobalt-strike_cobaltstrike_meterpreter_JC.exe.dll windows:5 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.text Size: 153KB - Virtual size: 152KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ