cobaltstrike | 866214edb319a8530343c5cb44af325583bdedca36f3654d6682f88dc7d5420c

Sharing

Copy URL

Twitter E-mail

General

Target

866214edb319a8530343c5cb44af325583bdedca36f3654d6682f88dc7d5420c
Size

146KB
MD5

6b34f42c9745c060cf484b7bccb13481
SHA1

ba14114602e14a3ac5fde011d8d6be2a3df41460
SHA256

866214edb319a8530343c5cb44af325583bdedca36f3654d6682f88dc7d5420c
SHA512

b4036eb5fe368bde4233e93020220f9eab02d8b71bda2d5bb8c273a8ffb00e917a1987eba1ad98895b8fe8d55ed3f8daaa4f4e956faece5a02c9ccf848c1b81e
SSDEEP

3072:Jl2eyA3LM+RdsFnZEoISVhV9sRjMcSohw1i:nfoWsl5VnCF

Score

10^/10

cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

http://54.238.191.171:12345/n9pF

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MDDCJS)

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
866214edb319a8530343c5cb44af325583bdedca36f3654d6682f88dc7d5420c

Files

866214edb319a8530343c5cb44af325583bdedca36f3654d6682f88dc7d5420c
.exe windows:6 windows x64 arch:x64

1673c5ae7a80bd4e507e06b03924e688

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ReleaseMutex
ReleaseSRWLockShared
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
AcquireSRWLockExclusive
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetStdHandle
GetCurrentProcessId
WaitForSingleObject
TryAcquireSRWLockExclusive
QueryPerformanceCounter
HeapAlloc
GetProcessHeap
HeapFree
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleA
GetConsoleMode
GetModuleHandleW
MultiByteToWideChar
WriteConsoleW
GetSystemTimeAsFileTime
ReleaseSRWLockExclusive
HeapReAlloc
CloseHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent

ntdll

RtlNtStatusToDosError
NtWriteFile

vcruntime140

__current_exception_context
__current_exception
__C_specific_handler
_CxxThrowException
memcmp
memmove
memset
memcpy
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_initterm_e
exit
_exit
_initterm
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_set_app_type
_seh_filter_exe

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

1673c5ae7a80bd4e507e06b03924e688

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 102KB - Virtual size: 101KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 512B - Virtual size: 760B

.pdata Size: 5KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 944B

.text
Size: 102KB - Virtual size: 101KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 760B

.pdata
Size: 5KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 944B