cobaltstrike | b5589ccee7834cdcf7b526da8f8efd882d6b718fe8a087c523aed011bd835d4b

Resubmissions

19/12/2023, 15:55

231219-tc4rfsbhh3 10

Sharing

Copy URL

Twitter E-mail

General

Target

b5589ccee7834cdcf7b526da8f8efd882d6b718fe8a087c523aed011bd835d4b
Size

381KB
MD5

f65907aaf76c20f4bc9b2f522f942174
SHA1

fe5cc69b4d27792bfd1a07bde4e5aa5fd8f9b4d3
SHA256

b5589ccee7834cdcf7b526da8f8efd882d6b718fe8a087c523aed011bd835d4b
SHA512

0d54c4de5af7c57f9b146e3ee047fbef5ccc6dda409bf4278453a041d575397f9ede64dd063775d11c2719290f9e1153889d07f1acc13b63b2fe6495830313ec
SSDEEP

6144:AMnxlZ2h0IaA41uwivP/CGftZnygWzxLjM7HH5EXX/Q:AaRSPFltygWNY7n5

Score

10^/10

cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

http://124.71.143.196:28888/EfLf

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333)

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5589ccee7834cdcf7b526da8f8efd882d6b718fe8a087c523aed011bd835d4b

Files

b5589ccee7834cdcf7b526da8f8efd882d6b718fe8a087c523aed011bd835d4b
.exe windows:6 windows x64 arch:x64

1a885fb586137990697cb9a9b2c93259

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
ReleaseSRWLockExclusive
ReleaseMutex
ReleaseSRWLockShared
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
QueryPerformanceCounter
AcquireSRWLockExclusive
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetStdHandle
GetCurrentProcessId
WaitForSingleObject
TryAcquireSRWLockExclusive
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleA
GetConsoleMode
GetModuleHandleW
FormatMessageW
IsProcessorFeaturePresent
MultiByteToWideChar
WriteConsoleW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
InitializeSListHead
GetCurrentThreadId

ntdll

NtWriteFile
RtlNtStatusToDosError

vcruntime140

__current_exception_context
__current_exception
__C_specific_handler
_CxxThrowException
memmove
memcmp
memcpy
memset
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_initterm_e
exit
_exit
_initterm
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_set_app_type
_seh_filter_exe

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

1a885fb586137990697cb9a9b2c93259

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 310KB - Virtual size: 310KB

.rdata Size: 57KB - Virtual size: 57KB

.data Size: 512B - Virtual size: 872B

.pdata Size: 10KB - Virtual size: 10KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 310KB - Virtual size: 310KB

.rdata
Size: 57KB - Virtual size: 57KB

.data
Size: 512B - Virtual size: 872B

.pdata
Size: 10KB - Virtual size: 10KB

.reloc
Size: 1KB - Virtual size: 1KB