cobaltstrike | dc9fb3d2bbe78fa947a3eb8f13df22d73d115217f53576236d3e97bcc8aa3957[.]zip

General

Target

dc9fb3d2bbe78fa947a3eb8f13df22d73d115217f53576236d3e97bcc8aa3957.zip
Size

119KB
MD5

8869cb838525ed0831325df2b8da9d99
SHA1

c274ad8db0977ea5212f6ae254260727b81061f8
SHA256

b97b3452bbcdad970a91eea9af43245d5a84715905ebf0f550bbaaa626342292
SHA512

d9edcc8c6785c257b4cc446e1013339eb7c9f0ca6ef99fecc2c4718a45c8f071abfff2ac3dc0e7681e16c2121f9108d4000af68deb6e6c8e24d0ef0ada8e7f15
SSDEEP

3072:PgHtb49Vj2keO/kHwTm8tlWGSQZ77Yvx0NgHianW8:4NYVjRJ/kQT/3XvYZ0WCaN

Score

10^/10

0 cobaltstrike

Family

cobaltstrike

Botnet

0

Attributes

Cobalt Strike reflective loader 1 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
static1/unpack001/dc9fb3d2bbe78fa947a3eb8f13df22d73d115217f53576236d3e97bcc8aa3957	cobalt_reflective_dll

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dc9fb3d2bbe78fa947a3eb8f13df22d73d115217f53576236d3e97bcc8aa3957

dc9fb3d2bbe78fa947a3eb8f13df22d73d115217f53576236d3e97bcc8aa3957.zip
.zip

Password: infected
dc9fb3d2bbe78fa947a3eb8f13df22d73d115217f53576236d3e97bcc8aa3957
.dll windows:5 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ