cobaltstrike | fa9a9c08977c0e8e778b7961c23c525878da225fb7cffcf8e766c50490752d77

Sharing

Copy URL Twitter E-mail

General

Target

fa9a9c08977c0e8e778b7961c23c525878da225fb7cffcf8e766c50490752d77
Size

6.3MB
MD5

6803d90bcdad1aea81f711272e56cf6f
SHA1

d6043ec37cf58392659a0ea4b4c6896a594f63df
SHA256

fa9a9c08977c0e8e778b7961c23c525878da225fb7cffcf8e766c50490752d77
SHA512

42887a6d58d9e8afdb7971141ea934847641968706404fd2d2e41a226195c6d5ea056da30663fc6d5d6a9204eb3fb20ae795abef60f5e123eff7b1876b2da352
SSDEEP

98304:h+vMoSbPWDSN7fbHcuZeAV8u0+8NyoHiM:AvMoSzWDS8

Score

10^/10

cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

http://82.156.69.103:4000/adIO

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) LBBROWSER

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa9a9c08977c0e8e778b7961c23c525878da225fb7cffcf8e766c50490752d77

Files

fa9a9c08977c0e8e778b7961c23c525878da225fb7cffcf8e766c50490752d77
.exe windows:6 windows x64 arch:x64

47034886867910a6c402fb5223b99d0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

python311

PyLong_FromSsize_t
_PyLong_New
_PyLong_Copy
PyFloat_FromDouble
PyComplex_FromDoubles
PyTuple_New
PyTuple_Pack
_PyTuple_MaybeUntrack
PyList_New
PyList_Append
PyList_Sort
PyDict_New
PyDict_GetItem
PyDict_DelItem
PyDict_MergeFromSeq2
PyDict_GetItemString
PyDict_SetItemString
_PyDict_NewPresized
_PyDict_MaybeUntrack
PySet_New
PyFrozenSet_New
PySet_Add
_PySet_NextEntry
PyCMethod_New
PyModule_NewObject
PyModule_GetDict
PyModule_GetName
PyModule_GetFilenameObject
PyModule_GetDef
_PyGen_FetchStopIterationValue
Py_GenericAlias
_PyWeakref_ClearRef
PyArg_ParseTuple
PyArg_ParseTupleAndKeywords
PyArg_UnpackTuple
Py_BuildValue
PyModule_ExecDef
PyModule_FromDefAndSpec2
_PyArg_NoKeywords
PyErr_Print
Py_CompileStringExFlags
PyEval_GetFuncName
PyEval_SaveThread
PyEval_RestoreThread
_PyEval_EvalFrameDefault
PySys_WriteStderr
PyImport_ExecCodeModule
PyImport_ExecCodeModuleEx
PyImport_GetModuleDict
PyImport_ImportModule
PyImport_ImportFrozenModule
_PyImport_FixupExtensionObject
PyObject_Call
PyObject_CallObject
PyObject_CallFunction
PyObject_CallFunctionObjArgs
PyObject_CallMethodObjArgs
PyObject_SetItem
PyObject_DelItem
PyObject_GetIter
PyIter_Next
PyIter_Send
PyNumber_Add
PyNumber_Subtract
PyNumber_FloorDivide
_PyErr_FormatFromCause
PyNumber_AsSsize_t
PyNumber_InPlaceAdd
PyNumber_InPlaceLshift
PyNumber_InPlaceOr
PySequence_Check
PySequence_List
PySequence_Contains
PyObject_IsInstance
PyObject_IsSubclass
PyMarshal_ReadObjectFromString
_PyErr_ChainStackItem
_PyErr_NormalizeException
PyType_Type
PyBaseObject_Type
_Py_NotImplementedStruct
PyByteArray_Type
PyBytes_Type
PyCode_Type
PyExc_StopAsyncIteration
PyExc_StopIteration
PyExc_GeneratorExit
PyExc_AttributeError
PyExc_ImportError
PyExc_KeyError
PyExc_NameError
PyExc_OverflowError
PyExc_RuntimeError
PyExc_SystemError
PyExc_TypeError
PyExc_ValueError
PyLong_Type
PyBool_Type
PyFloat_Type
PyComplex_Type
PyRange_Type
PyTuple_Type
PyList_Type
PyDict_Type
PySet_Type
PyFrozenSet_Type
PyCFunction_Type
PyModule_Type
PyModuleDef_Type
PyFunction_Type
PyMethod_Type
PyFrame_Type
PyTraceBack_Type
_Py_EllipsisObject
PySlice_Type
PyEllipsis_Type
PySeqIter_Type
PyGen_Type
PyCoro_Type
PyAsyncGen_Type
_PyAsyncGenWrappedValue_Type
Py_GenericAliasType
_PyWeakref_RefType
_PyWeakref_ProxyType
_PyWeakref_CallableProxyType
_Py_PackageContext
_PyErr_WriteUnraisableMsg
PyOS_snprintf
PyErr_WriteUnraisable
PyErr_Format
PyErr_NoMemory
PyErr_BadArgument
PyException_SetContext
PyException_GetContext
PyException_SetCause
PyErr_ExceptionMatches
PyCode_NewWithPosOnlyArgs
_PyUnicode_Ready
PyUnicode_New
PyUnicode_Join
PyUnicode_Concat
PyUnicode_DecodeUTF8
PyUnicode_AsWideCharString
PyUnicode_FromWideChar
PyUnicode_InternInPlace
PyUnicode_FromFormat
PyUnicode_FromStringAndSize
PyBytes_AsString
PyBytes_FromString
PyByteArray_FromStringAndSize
PyByteArray_FromObject
PyObject_GC_Del
_PyObject_GC_NewVar
_PyObject_GC_Resize
_PyObject_New
PyObject_InitVar
_PyObject_LookupAttr
_PyType_Lookup
_Py_Dealloc
PyObject_ClearWeakRefs
PyCallable_Check
PyObject_GenericSetAttr
PyObject_SelfIter
PyObject_SetAttr
PyObject_GetAttr
PyObject_SetAttrString
PyObject_GetAttrString
PyObject_RichCompareBool
PyObject_RichCompare
PyObject_Str
PyObject_Repr
PyType_Ready
PyType_IsSubtype
PyMem_GetAllocator
PyMem_Realloc
_PyRuntime
PyImport_FrozenModules
Py_UTF8Mode
Py_NoUserSiteDirectory
Py_DontWriteBytecodeFlag
Py_IgnoreEnvironmentFlag
Py_FrozenFlag
Py_BytesWarningFlag
Py_NoSiteFlag
Py_OptimizeFlag
Py_InspectFlag
Py_InteractiveFlag
Py_VerboseFlag
Py_DebugFlag
_PyConfig_InitCompatConfig
_PyRuntime_Initialize
_PyWarnings_Init
PySys_SetArgv
Py_ExitStatusException
Py_InitializeFromConfig
Py_SetProgramName
Py_Exit
PyErr_PrintEx
PyDict_DelItemString
PyLong_AsLong
PyErr_SetInterrupt
PyConfig_SetArgv
PyConfig_SetString
PyWideStringList_Append
PyStatus_Exception
PyUnicode_AsUTF8
PyUnicode_Type
_Py_NoneStruct
PyDict_SetItem
_Py_TrueStruct
_Py_FalseStruct
PySys_SetObject
PySys_GetObject
PyStructSequence_New
PyStructSequence_InitType
PyCapsule_New
PyLong_FromLong
PyUnicode_FromString
PyNumber_Negative

kernel32

WriteConsoleW
HeapReAlloc
HeapSize
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetProcessHeap
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
MultiByteToWideChar
GetFileType
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetStdHandle
SetConsoleCtrlHandler
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
RtlPcToFileHeader
RaiseException
EncodePointer
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwindEx
GetEnvironmentVariableA
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
FindResourceA
FormatMessageA
LockResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
GetSystemTimeAsFileTime
GetCurrentProcessId
SetErrorMode
WriteFile
GetShortPathNameW
CreateFileW
SetEnvironmentVariableW
GetEnvironmentVariableW
SetDllDirectoryW
OpenProcess
CreateThread
ExitProcess
Sleep
WaitForSingleObject
GetLastError
CloseHandle
SetStdHandle

Sections

.text
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

47034886867910a6c402fb5223b99d0d

Headers

DLL Characteristics

File Characteristics

Imports

python311

kernel32

Sections

.text Size: 257KB - Virtual size: 257KB

.rdata Size: 100KB - Virtual size: 99KB

.data Size: 27KB - Virtual size: 40KB

.pdata Size: 13KB - Virtual size: 12KB

.rsrc Size: 5.9MB - Virtual size: 5.9MB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 257KB - Virtual size: 257KB

.rdata
Size: 100KB - Virtual size: 99KB

.data
Size: 27KB - Virtual size: 40KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 5.9MB - Virtual size: 5.9MB

.reloc
Size: 3KB - Virtual size: 3KB