2024-06-25_ac895f97c6e21c63b7c51c93616c138c_cobalt-strike_ryuk | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-25_ac895f97c6e21c63b7c51c93616c138c_cobalt-strike_ryuk
Size

448KB
MD5

ac895f97c6e21c63b7c51c93616c138c
SHA1

9987800c932b2d6bc677e11048f38ee3c45e30e4
SHA256

c6b48ff19a184df6ade7ba5b30077b4ee54fc51d382ca5e0b1a57a4b7baf77e4
SHA512

766efca57a1caa88b17b18d61212ad115a79502b2105f12e37e73a4a6d84cba94115e9ba4ac510bdfb6280a52cbd7b4fe4b025b81154bd71303d3a750023343e
SSDEEP

6144:o3l8KUNCECbFg0Nx+3LdfGlpa0dAbGc85SCejo9zpEHk/d+YMYKDvg:o3Z7+3Rf+pa0Kyejo99EHk/d+YMYX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-25_ac895f97c6e21c63b7c51c93616c138c_cobalt-strike_ryuk

Files

2024-06-25_ac895f97c6e21c63b7c51c93616c138c_cobalt-strike_ryuk
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

.tls
Size: 512B - Virtual size: 305B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 165.6MB - Virtual size: 165.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ