cobaltstrike | 78191e7dc1ccb6f81e5b956981b9948ce069dc70db72e51ad49702915f2d179c

General

Target

78191e7dc1ccb6f81e5b956981b9948ce069dc70db72e51ad49702915f2d179c
Size

11KB
MD5

498f9d0fcb4a58a665dd9df615c155f1
SHA1

450f320451b5b4b1521f2fb256df633e85a5d87a
SHA256

78191e7dc1ccb6f81e5b956981b9948ce069dc70db72e51ad49702915f2d179c
SHA512

7b58d6a54c413ee31d52c1c9774457dd30aad261d7ee65810f251f5902e600b7c80cee542d621367cbde8d524fb1ad0c97ca5e7fddddffeac452e5502997099a
SSDEEP

192:G6N/aExNLKAfSnytfKkNXbouSWaFP4Lycn:fnfSylLR8Gf

Score

10^/10

cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.198.128:4445/DXVk

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78191e7dc1ccb6f81e5b956981b9948ce069dc70db72e51ad49702915f2d179c

Files

78191e7dc1ccb6f81e5b956981b9948ce069dc70db72e51ad49702915f2d179c
.dll windows:6 windows x64 arch:x64

a5974714081ff32ea56e136cc4080e4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
CreateThread
WaitForSingleObject
RtlLookupFunctionEntry
RtlCaptureContext
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
RtlVirtualUnwind

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memcpy
memset

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_onexit_table
_cexit
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_initialize_narrow_environment

Exports

Exports

GetInstallDetailsPayload
SignalInitializeCrashReporting

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

a5974714081ff32ea56e136cc4080e4e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 456B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 44B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 456B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 44B