cobaltstrike | 1664-4-0x000007FEF64B0000-0x000007FEF655C000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1664-4-0x000007FEF64B0000-0x000007FEF655C000-memory.dmp
Size

688KB
MD5

11e0c0db63c5138f708fa4b5f4f9a0ee
SHA1

071cff56365eb528b41756a7c7600f71c45018f4
SHA256

adc1e3da528d1a0aecafe9e890a5c4688730afdecb94b582936f9728d34ea745
SHA512

7e8559922732f9f195733507c9e67328f572b4fbb05132e6d0334167fbc60a2c2b31bf79a1698403b4c83164cbd85564efb93953e5a7e5c6f292337f6fe23e67
SSDEEP

12288:4D+rv5FVEpUjbIS0wSJSkORCXdpVo2GN:LrxoUjbIpwSTOWfVPy

Score

10^/10

0 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1664-4-0x000007FEF64B0000-0x000007FEF655C000-memory.dmp

Files

1664-4-0x000007FEF64B0000-0x000007FEF655C000-memory.dmp
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 584KB - Virtual size: 583KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ