cobaltstrike | 9bb20e584edcbfab252c322058640a12dc9837e4545a107c1a6a397749e291f0

General

Target

9bb20e584edcbfab252c322058640a12dc9837e4545a107c1a6a397749e291f0
Size

11KB
MD5

36271699492dde18015e9d9f29ad20a8
SHA1

b52bcebdd3d05bcd1ae6244b6022986dfc711b9c
SHA256

9bb20e584edcbfab252c322058640a12dc9837e4545a107c1a6a397749e291f0
SHA512

12508df201306b24e6ede21c7a1ee6608c875c2a62e443aeac2751b115b75214f6483de14d64aa4c7f1de0ede71f89f94a1eb3dc7342834f3a11667e5eeade13
SSDEEP

96:r6/Ip6APPsBNqP3stF3oiuOo7kOgxzTJwuLsnn+hx7j3TpLVu5VxZrOl53sP:aIf+NhtuROWKOCx6VxZrQ3s

Score

10^/10

cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.31.214:81/KNtP

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9bb20e584edcbfab252c322058640a12dc9837e4545a107c1a6a397749e291f0

Files

9bb20e584edcbfab252c322058640a12dc9837e4545a107c1a6a397749e291f0
.dll windows:6 windows x64

2b18652669199191787a8eaf4b27a927

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
CreateThread
RtlLookupFunctionEntry
RtlCaptureContext
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
RtlVirtualUnwind

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memcpy
memset

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_onexit_table
_cexit
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_initialize_narrow_environment

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

2b18652669199191787a8eaf4b27a927

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 456B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 44B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 456B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 44B