cobaltstrike | 2284-2-0x0000000028570000-0x00000000285BF000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2284-2-0x0000000028570000-0x00000000285BF000-memory.dmp
Size

316KB
MD5

b23f4f0b7afb97be4d4c17f2c0d71320
SHA1

e6cdfef4e2c9fe693f2df3da0c6dc3dec7b43c76
SHA256

792a8537f5aaf702d53d68e47283b1d0dfc6cb0748f0eda52267e9822d4a3ff6
SHA512

929a8eba9ec5d1e0412fe3fdf0c23f1bab14b142b33e4966b69fc8bb619f3e7a0345296259fe3b24e514774f999139a9ea33c9686063fe307ef884a885b8a364
SSDEEP

6144:uJqXG5d1Ip8yibgkTZI6jHID90aTY5/VH/:u9d6devoxE5/5

Score

10^/10

0 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2284-2-0x0000000028570000-0x00000000285BF000-memory.dmp

Files

2284-2-0x0000000028570000-0x00000000285BF000-memory.dmp
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ