cobaltstrike | ad4b2fd7a8eb6621168ac954783ab59a9687c97d08bd986a1c5d3d375d279fef

Sharing

Copy URL

Twitter E-mail

General

Target

ad4b2fd7a8eb6621168ac954783ab59a9687c97d08bd986a1c5d3d375d279fef
Size

2.7MB
MD5

abc522192954f27f75765a17addeb177
SHA1

2a2b797d5a9a736dc7cd8ad538b214469ba97c1c
SHA256

ad4b2fd7a8eb6621168ac954783ab59a9687c97d08bd986a1c5d3d375d279fef
SHA512

754432264761b73f4cb6a9aea89ba6363589c7b6e068b6a7d1acf45646923dea920eeb8c97aabf2cbc2a100092e4580b8de9ae3ebf919464f7f22e3363fe187a
SSDEEP

24576:g7mhizMj4uNY4p5pfL4WTmwEwCiz5pQxLJ9UhS7dgsE6VcWvZF++K9fKa18dpn:g7ciIkMTme2JSmb+JF18vn

Score

10^/10

cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

http://139.159.247.207:80/qREU

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; 360space)

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad4b2fd7a8eb6621168ac954783ab59a9687c97d08bd986a1c5d3d375d279fef

Files

ad4b2fd7a8eb6621168ac954783ab59a9687c97d08bd986a1c5d3d375d279fef
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

_cgo_dummy_export

Sections

.text
Size: 447KB - Virtual size: 446KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 553KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 293KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 520KB - Virtual size: 519KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 557KB - Virtual size: 556KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/106
Size: 512B - Virtual size: 34B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 447KB - Virtual size: 446KB

.data Size: 28KB - Virtual size: 27KB

.rdata Size: 553KB - Virtual size: 552KB

.pdata Size: 14KB - Virtual size: 14KB

.xdata Size: 1024B - Virtual size: 800B

.bss Size: - Virtual size: 293KB

.edata Size: 512B - Virtual size: 78B

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 8KB - Virtual size: 8KB

/4 Size: 512B - Virtual size: 512B

/19 Size: 520KB - Virtual size: 519KB

/31 Size: 4KB - Virtual size: 3KB

/45 Size: 187KB - Virtual size: 186KB

/57 Size: 63KB - Virtual size: 62KB

/70 Size: 1024B - Virtual size: 518B

/81 Size: 557KB - Virtual size: 556KB

/92 Size: 214KB - Virtual size: 214KB

/106 Size: 512B - Virtual size: 34B

.text
Size: 447KB - Virtual size: 446KB

.data
Size: 28KB - Virtual size: 27KB

.rdata
Size: 553KB - Virtual size: 552KB

.pdata
Size: 14KB - Virtual size: 14KB

.xdata
Size: 1024B - Virtual size: 800B

.bss
Size: - Virtual size: 293KB

.edata
Size: 512B - Virtual size: 78B

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 8KB - Virtual size: 8KB

/4
Size: 512B - Virtual size: 512B

/19
Size: 520KB - Virtual size: 519KB

/31
Size: 4KB - Virtual size: 3KB

/45
Size: 187KB - Virtual size: 186KB

/57
Size: 63KB - Virtual size: 62KB

/70
Size: 1024B - Virtual size: 518B

/81
Size: 557KB - Virtual size: 556KB

/92
Size: 214KB - Virtual size: 214KB

/106
Size: 512B - Virtual size: 34B