cobaltstrike | d2c4d37c3222bafa0024cf6a390bf28ca782f2f53238093ac470e7714cf466a2 | Triage

Sharing

General

Target

d2c4d37c3222bafa0024cf6a390bf28ca782f2f53238093ac470e7714cf466a2
Size

965KB
MD5

777b628e1eb6f742378c0a57eda05ce5
SHA1

9f1b69fa0612c2e5ff8d1ccdbcbd61651efe9d15
SHA256

d2c4d37c3222bafa0024cf6a390bf28ca782f2f53238093ac470e7714cf466a2
SHA512

b5950f1213cae5024fb48cd951694db82e52668e79eefdb90f0127a0342fa71975d82cfc1d0356f7b0d29c4a98cba813356db14241c11f91ee21a5daed72d473
SSDEEP

12288:8cBUhWhztePxI1jTZeLTMT/8HMBi/4+HVL:8cBi2ACriMTnq

Score

10^/10

cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

C2

http://149.88.69.102:5555/od8R

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MATP; MATP)

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
d2c4d37c3222bafa0024cf6a390bf28ca782f2f53238093ac470e7714cf466a2

Files

d2c4d37c3222bafa0024cf6a390bf28ca782f2f53238093ac470e7714cf466a2
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 405KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 509KB - Virtual size: 509KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ