cobaltstrike | 640955e10059eaa253bcb7df6349c607 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

640955e10059eaa253bcb7df6349c607
Size

9KB
MD5

640955e10059eaa253bcb7df6349c607
SHA1

b58c465a38c46fa1cab230d006b65ebefacf78eb
SHA256

e2e4cc827468d0ee58545ad4a3dfff335acb5169f2c3a007110a55bed49abd33
SHA512

46c0e9833776ce329fa845c703de65e73c333b62a933f56c2d2c0f67056bbce6d3c248777d9c8add72b58f683487993e307f008d8d3d864fc1ecc2e3365a78ab
SSDEEP

192:gfxAm2XKdOZo9BRyvgQ9jOPHkJojBhOF:gf2NM9GgEjcHj

Score

10^/10

cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

C2

http://172.19.52.71:443/AaaZ

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
640955e10059eaa253bcb7df6349c607

Files

640955e10059eaa253bcb7df6349c607
.dll windows:6 windows x86 arch:x86

1683faf5a52cbb1723dff2268f6ebd72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxW

vcruntime140

memset
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initterm_e
_initterm
_seh_filter_dll
_cexit
_initialize_onexit_table
_execute_onexit_table
_configure_narrow_argv

kernel32

GetCurrentProcessId
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
UnhandledExceptionFilter
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ