cobaltstrike | 4124-123-0x000001EA3AFB0000-0x000001EA3AFFF000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4124-123-0x000001EA3AFB0000-0x000001EA3AFFF000-memory.dmp
Size

316KB
MD5

8563395a4b0dfe281d23398a1a774bdb
SHA1

1e4d5c412b09a034e81c07e51eb2ae073cbdd3f7
SHA256

d6724e6649b0a37b7dd22858364963aea0156a6a9dc49ae87704ae4651916324
SHA512

28cd953a43a137c2bfd5efa9819fd529ee5979be4f0f36f366a179254d0af4245e31fc971747ac81a239797b7b020dc06c99423014e1e8ed7552ab10308cdd2a
SSDEEP

6144:uJqVG5d1IpMyibgkTZI6jHID90a68GXH/:u3d6tevoxK8Gv

Score

10^/10

0 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4124-123-0x000001EA3AFB0000-0x000001EA3AFFF000-memory.dmp

Files

4124-123-0x000001EA3AFB0000-0x000001EA3AFFF000-memory.dmp
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ