cobaltstrike | 47113059c1ee869e24ad2227aaddb650323dd6da0b2f1eec44a9c6c22967e0f2

Sharing

Copy URL Twitter E-mail

General

Target

47113059c1ee869e24ad2227aaddb650323dd6da0b2f1eec44a9c6c22967e0f2
Size

908KB
MD5

12601385600605f58c12e7c605d69d71
SHA1

62e7a82752dc2b80db640ad743ef5f8b400f2538
SHA256

47113059c1ee869e24ad2227aaddb650323dd6da0b2f1eec44a9c6c22967e0f2
SHA512

deed8ba3ddb77bdc1d0d030dc414385d85253a181aaea575e61e9844dcd4e82fc60482333b467d7d34c647edd8f3de4319b26e58e98b1febd86a01f51d0b5a45
SSDEEP

24576:tqwndjfp6uObrEInpFJhWjAsAUHfP0hPv7FKOPpvGl5:Q4pyr9pFj/KfP0hXtvGl5

Score

10^/10

upx cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

http://172.21.72.102:80/q5oH

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)

Signatures

Cobaltstrike family
cobaltstrike

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
47113059c1ee869e24ad2227aaddb650323dd6da0b2f1eec44a9c6c22967e0f2
unpack001/out.upx

Files

47113059c1ee869e24ad2227aaddb650323dd6da0b2f1eec44a9c6c22967e0f2
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 907KB - Virtual size: 908KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 479KB - Virtual size: 479KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 523KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 295B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/32
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/65
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.0MB

UPX1 Size: 907KB - Virtual size: 908KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 479KB - Virtual size: 479KB

.rdata Size: 523KB - Virtual size: 523KB

.data Size: 18KB - Virtual size: 377KB

/4 Size: 512B - Virtual size: 295B

/19 Size: 100KB - Virtual size: 100KB

/32 Size: 20KB - Virtual size: 19KB

/46 Size: 512B - Virtual size: 48B

/65 Size: 186KB - Virtual size: 185KB

/78 Size: 101KB - Virtual size: 100KB

/90 Size: 32KB - Virtual size: 32KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.symtab Size: 77KB - Virtual size: 76KB

UPX0
Size: - Virtual size: 1.0MB

UPX1
Size: 907KB - Virtual size: 908KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 479KB - Virtual size: 479KB

.rdata
Size: 523KB - Virtual size: 523KB

.data
Size: 18KB - Virtual size: 377KB

/4
Size: 512B - Virtual size: 295B

/19
Size: 100KB - Virtual size: 100KB

/32
Size: 20KB - Virtual size: 19KB

/46
Size: 512B - Virtual size: 48B

/65
Size: 186KB - Virtual size: 185KB

/78
Size: 101KB - Virtual size: 100KB

/90
Size: 32KB - Virtual size: 32KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB

.symtab
Size: 77KB - Virtual size: 76KB