2024-06-01_f48698187eb1ff9928b223d67949f775_cobalt-strike_ryuk | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-01_f48698187eb1ff9928b223d67949f775_cobalt-strike_ryuk
Size

920KB
MD5

f48698187eb1ff9928b223d67949f775
SHA1

223e7eb015a6bf387474817a120726f45300b03f
SHA256

6b6bc7bb47b3a66cdac20c2b5998fe00b033714316c75d75c16a38973971338d
SHA512

bd64a8125c568712fa2a0dc83aa3b157a8300a209aa271c1feb1d2b820253a170746923eed890e88cd40e0cd7279f84dc2f4b739194cff747e351f39074d14ab
SSDEEP

12288:rPWp7h9xaIuMirA7i2Zuu/O6tF0tzc0h3U/HAuzlu4fl5PoiQBzZoV:YPxXh8qZZuu/DtFy/e/HAuzlOpZW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-01_f48698187eb1ff9928b223d67949f775_cobalt-strike_ryuk

Files

2024-06-01_f48698187eb1ff9928b223d67949f775_cobalt-strike_ryuk
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 848KB - Virtual size: 848KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

.tls
Size: 512B - Virtual size: 441B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE