cobaltstrike | 2856-0-0x0000000001BE0000-0x0000000001C32000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2856-0-0x0000000001BE0000-0x0000000001C32000-memory.dmp
Size

328KB
MD5

85f8552b3ae43dbc478505551c52098c
SHA1

d3a23280898cca7e5258c0f20c9711aba418fa75
SHA256

ee57a17c5bb8d087d02972f369f6b336d28293cf4d341ac266262f13beb5a9df
SHA512

4ae9989cb6a1a5ccf85c80ad9766b65af5c28835c1bd85b12c6149436ce8a6b68d3eef2752a4ffbe105c4110bdee428d08c3133409c4dccef3637746ac205949
SSDEEP

3072:KzbINhWl+CIbfqqEVxtfg8jtfDCJS4l9JTFyG+JteEzCnLToxdjYJg56vzHk:KzbUWootfDCvT4ZTXzCLMj3g

Score

10^/10

0 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2856-0-0x0000000001BE0000-0x0000000001C32000-memory.dmp

Files

2856-0-0x0000000001BE0000-0x0000000001C32000-memory.dmp
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ