cobaltstrike | 2a367d9d6dee7afa5c97ae81175b25f8ee4ef25f9969954f7a9156d451df9a65[.]zip

General

Target

2a367d9d6dee7afa5c97ae81175b25f8ee4ef25f9969954f7a9156d451df9a65.zip
Size

148KB
MD5

590e5259b56fc28a4864cd52068a4c1b
SHA1

f1aaaeca5305bf094c03acae8ed11434e54112b9
SHA256

2380497830eefdd215a60e45db75bb05f570767f1d8b1f2cc00fe8facf9ebdb6
SHA512

a813aba36fb9294dec3298c0dca03e800ecf41a2e5ea49d092caca2d744484e072cbee834a9cbc89d43c1c2ecde0d8c47eaddc5414add3b8b0880001959df873
SSDEEP

3072:t/S6yNtDSNrkIUNNZCJa6gc+s/mi5GmLTE9OQalxnN:t/SXNUkHCJapc+446595

Score

10^/10

cobaltstrike

Cobalt Strike reflective loader 1 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
static1/unpack001/2a367d9d6dee7afa5c97ae81175b25f8ee4ef25f9969954f7a9156d451df9a65	cobalt_reflective_dll

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2a367d9d6dee7afa5c97ae81175b25f8ee4ef25f9969954f7a9156d451df9a65

2a367d9d6dee7afa5c97ae81175b25f8ee4ef25f9969954f7a9156d451df9a65.zip
.zip

Password: infected
2a367d9d6dee7afa5c97ae81175b25f8ee4ef25f9969954f7a9156d451df9a65
.dll windows:5 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ