cobaltstrike | 0427861e61546ae6cc200e7fc925a975b93e351c9f6b55d0134cd046fc044854

Sharing

Copy URL Twitter E-mail

General

Target

0427861e61546ae6cc200e7fc925a975b93e351c9f6b55d0134cd046fc044854
Size

9KB
MD5

006e47c50a427c54c6f7b73d1fcd21c8
SHA1

99f8fa018995c7cb6195fdff272a90fc003aec65
SHA256

0427861e61546ae6cc200e7fc925a975b93e351c9f6b55d0134cd046fc044854
SHA512

17dddf7ee0e5bd82e0c53dac6d019296a501bd8fb8b851132fe7e4f555b8b3977071abc64ceaf6fc0aa76392faadf7c3f7a8ff05566659792fda3abab3d2db0f
SSDEEP

96:qXSd+pye3kJwyUhXZOaC9Cj1l8/6OTC4jO2iYjXAXWi9hYkSE5pz6rJoZ5q7B3lZ:qilUhXZm98czjOwXF7E5pz6rJoZ5q

Score

10^/10

cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

http://192.168.139.141:6789/qZ8Z

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; MASP)

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0427861e61546ae6cc200e7fc925a975b93e351c9f6b55d0134cd046fc044854

Files

0427861e61546ae6cc200e7fc925a975b93e351c9f6b55d0134cd046fc044854
.exe windows:6 windows x86 arch:x86

f2af028ddb12964916337b16309a2db9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\小迪免杀2203课件\151-免杀对抗-C&C++&InlineHook&API调用&项目源码等\apito\Release\apito.pdb

Imports

kernel32

GetModuleHandleA
GetProcAddress
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW

user32

GetDC

vcruntime140

_except_handler4_common
memset
__current_exception_context
__current_exception

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
__p___argv
_configure_narrow_argv
_controlfp_s
terminate
__p___argc
_cexit
_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
_c_exit
_set_app_type
_seh_filter_exe
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f2af028ddb12964916337b16309a2db9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 372B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 372B