cobaltstrike | 77563c52e2217ad4e72a1a5c6f9f19783a8e74d999b73f02719b14c8b06d21c6

Sharing

Copy URL Twitter E-mail

General

Target

77563c52e2217ad4e72a1a5c6f9f19783a8e74d999b73f02719b14c8b06d21c6
Size

252KB
MD5

a69f9dd354e5cfa30767d454bb8d6f81
SHA1

99eaf8383c8a09b539e5acbf10aac8496bc28d8e
SHA256

77563c52e2217ad4e72a1a5c6f9f19783a8e74d999b73f02719b14c8b06d21c6
SHA512

4544b9f2ec8d7b4feebc3516f80f4a1c1e108065900a5069190dfc9b7fa0ae3a3331e2af099ec9258be08886d980217f04090e1b13d13b075844b107284835f0
SSDEEP

6144:4FUS88jGSJk+Yp3M6Kx4OSZTDJ5vchJWo5F4VJfM:EUsjGSJkTlM6Y1SZTDDvcjWW4XfM

Score

10^/10

1359593325 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

Attributes

beacon_type
512
http_header1
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
pipe_name
\\.\pipe\mojo_b7
polling_time
10000
port_number
4444
sc_process32
%windir%\syswow64\wextract.exe
sc_process64
%windir%\sysnative\wsmprovhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVMqYvUS0lfEADJQDr8S+olcH2OoKADXwvMJleJ6GxtbLacHPPF279VEXTRQO/N5dHAlENybRUfVZrICrVHFfXixM6GlJmwcAwNRhV+AoHGvr8FZrwAm0420GEb5B0dDNbO+XQZEjzrBWn5MWsEYk5O1jB29ziNdHujjXrJ959MwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
watermark
1359593325

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
77563c52e2217ad4e72a1a5c6f9f19783a8e74d999b73f02719b14c8b06d21c6

Files

77563c52e2217ad4e72a1a5c6f9f19783a8e74d999b73f02719b14c8b06d21c6
.dll windows:5 windows x64 arch:x64

6bb4a17e191907ffb6c2d0fff78664ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_SYSTEM
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

��

��
��=��
��
��
��
��
��
��
��
��+��
��+��
��
��
��
��
��p
��`��
��
��
��Â��
��
��
��
��
��
��񐭢��
��񅪱��񍦻��
��񍦻��
��
��
��É
��É
��
��'��À��
��À��
��
��È
��
��
��
��
��n��
��
��
��
��
��
��
��f��
��
��
��Û��
��
��񅪱��
��񍦻��
��
��
��
��
��
��
��
��
��
��Z��
��
��
��
��
��4��
��
��ß
��
��e
��
��
��
��
��F��
��
��
��ô��
��e��ô��
��
��>��
��
��
��a��
��Ï
��
��
��
��
��d
��
��
��
��Ì��
��
��
��À��
��
��
��Á
��
��
��
��
��
��
��
��
��L��
��
��
��
��Ì��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��
��j��
��j��
��j��
��
��
��
��x�� à��
��x�� à��
�� à��
��à��
��
��w��
��ð
��
��
��
��
��É��
��Ð��É��
��
��
��
��
��~
��
��{
��s��{
��Ö��s��{
��
��
��
��
��å��
��

��

ord13
ord2
��
��
ord23
ord115
ord3
ord14
ord9
ord8
ord4
ord19
ord52
ord1
ord16
ord15
ord10
ord22
ord111
ord151
ord18
ord116

Exports

Exports

execute

Sections

��
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

��
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 9KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

6bb4a17e191907ffb6c2d0fff78664ed

Headers

DLL Characteristics

File Characteristics

Imports

�������������

�����������

Exports

Exports

Sections

������ Size: 165KB - Virtual size: 164KB

������� Size: 62KB - Virtual size: 61KB

������ Size: 9KB - Virtual size: 48KB

������� Size: 8KB - Virtual size: 7KB

������� Size: 4KB - Virtual size: 3KB

��

��

��
Size: 165KB - Virtual size: 164KB

��
Size: 62KB - Virtual size: 61KB

��
Size: 9KB - Virtual size: 48KB

��
Size: 8KB - Virtual size: 7KB

��
Size: 4KB - Virtual size: 3KB