TurtleSUSP-240127-06-CobaltStrike-75b69b[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

TurtleSUSP-240127-06-CobaltStrike-75b69b.exe
Size

46KB
MD5

a997ce79a445f0928e3ad74553528fc0
SHA1

75b69ba0b2acd6c1a92ab7c4ae4667aedad9769c
SHA256

cbd30064862c3394ca5b660cb7a9e4ea8a5379cf2192b9e6747548163435ed39
SHA512

e8cf65c29db5046b96700c7f1bd1882c9842a6a41410e4413f79aca9c041a551ce8d1218a9f6c961d0655f93f95b456747a932f89a3969a506ebbceaac915f76
SSDEEP

768:mGC44Icl8MzFBRJErDTVXfvI3BHRHHknjcN:fC44I08MzFBGDTh3aBHN8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TurtleSUSP-240127-06-CobaltStrike-75b69b.exe

Files

TurtleSUSP-240127-06-CobaltStrike-75b69b.exe
.exe windows:6 windows x64 arch:x64

9ed7a11e217e169d3ebe2e2c8dd1114c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\temp\ConsoleApplication2\x64\Release\ConsoleApplication2.pdb

Imports

kernel32

VirtualProtect
VirtualAlloc
Sleep
GetCurrentThread
VirtualQuery
GetCurrentProcess
GetCurrentThreadId
SuspendThread
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
ResumeThread
GetThreadContext
IsProcessorFeaturePresent
SetThreadContext
FlushInstructionCache
VirtualFree
VirtualProtectEx
VirtualQueryEx
SetLastError
GetLastError
GetModuleHandleW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

wininet

HttpSendRequestW
InternetConnectA
InternetReadFile
HttpOpenRequestA
InternetOpenA

vcruntime140

__C_specific_handler
__std_exception_copy
__std_exception_destroy
memcpy
__current_exception_context
memset
__current_exception
_CxxThrowException
memmove

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
_set_fmode
__stdio_common_vfprintf
__p__commode

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_exit
exit
_initterm_e
_invalid_parameter_noinfo_noreturn
_initterm
_get_initial_narrow_environment
terminate
_set_app_type

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-heap-l1-1-0

_callnewh
free
_set_new_mode
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ed7a11e217e169d3ebe2e2c8dd1114c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp140

wininet

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB