cobaltstrike | 5eb5e389d2b284bedfe1eec5108991088b568a9bd0248231cc989454c09455f6[.]zip

General

Target

5eb5e389d2b284bedfe1eec5108991088b568a9bd0248231cc989454c09455f6.zip
Size

135KB
MD5

ffbb96f1e6267c06e0020d30a1213638
SHA1

81e256107afa7ea2e75db2929b0c3e56f08db928
SHA256

654706f1cb86a9db49f8ac115e394e25c1969aa3b747ad01604e00ae7c01178d
SHA512

70d6a6268121eeca03339e27978331e8e01de0cfad11592c844da1c98e3ca49667be3f74eab35f9d57382d7d9bd609801fe3b3a0d9138ba0e1f3c5d58b35260a
SSDEEP

3072:xN31pag/veDF9wx5ATQLIbTc/flST9a3jXI5Duvgxjd441pbc:x51QFXwxyBs3lSErI05ApA

Score

10^/10

0 cobaltstrike

Family

cobaltstrike

Botnet

0

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5eb5e389d2b284bedfe1eec5108991088b568a9bd0248231cc989454c09455f6

5eb5e389d2b284bedfe1eec5108991088b568a9bd0248231cc989454c09455f6.zip
.zip

Password: infected
5eb5e389d2b284bedfe1eec5108991088b568a9bd0248231cc989454c09455f6
.dll windows:5 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ