cobaltstrike | 987b90b45c804bc83e2987a2134c4d26981f8ce6e55c24119a37a3fe90d848c4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

987b90b45c804bc83e2987a2134c4d26981f8ce6e55c24119a37a3fe90d848c4
Size

11KB
MD5

8ec0f22c1561ff2479be7c56a015a88e
SHA1

8bce9e04237d8c8b417e1906f3d3e9c8cdfa73c6
SHA256

987b90b45c804bc83e2987a2134c4d26981f8ce6e55c24119a37a3fe90d848c4
SHA512

72ddfeef16b6b5ed02d8dd003bd49b2b11f83e78df98a04f12e98094dfe88a3ead4f9134c5e16ad14bbed5180dd2cfe91a85f5c07133375d1f321813f7b030d4
SSDEEP

192:6mi9uq9Xw6lXF3WehMmF99DfA97sqaFw2P93baW:6R9uq9Xwc46sQz

Score

10^/10

cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

C2

http://10.10.10.130:443/Qjn4

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
987b90b45c804bc83e2987a2134c4d26981f8ce6e55c24119a37a3fe90d848c4

Files

987b90b45c804bc83e2987a2134c4d26981f8ce6e55c24119a37a3fe90d848c4
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ