2024-05-22_62bb5395f750132c7f12778877ebd98d_cobalt-strike_ryuk | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-22_62bb5395f750132c7f12778877ebd98d_cobalt-strike_ryuk
Size

317KB
MD5

62bb5395f750132c7f12778877ebd98d
SHA1

43a8862b1be9503fd7fa83c89ff69df1e71f565c
SHA256

041d4182cc85f6459e48546f3988f3fd4fdb1f5b2660f8fa4dbcdf396f89c401
SHA512

3b2fa2c7b1bea6387271f793fe2fe4fc693154052a2b62218b6842fb40036c20f57302a39893aaa7ed224d2575c809b62d1faf5ddf1ea2fcb589b11a99e1356c
SSDEEP

6144:ZkwEXpnPX542J17agcSLM74kNZQcCkqzAVQiI+WjFDfoY9+6s6Be/ODsTnJzQlnm:ZPEZnPX542J17agcSLM74kNZQczqcQiR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-22_62bb5395f750132c7f12778877ebd98d_cobalt-strike_ryuk

Files

2024-05-22_62bb5395f750132c7f12778877ebd98d_cobalt-strike_ryuk
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 768KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 92B

.tls
Size: 512B - Virtual size: 297B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 68B

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ