cobaltstrike | f7df2385d8f3ce56e5590576c81d47fbacb11fdc78fd7927a19f66c9d4bf7da9[.]exe | Triage

Sharing

General

Target

f7df2385d8f3ce56e5590576c81d47fbacb11fdc78fd7927a19f66c9d4bf7da9.exe
Size

304KB
MD5

d848d48c1dee77bca37bcf42163c8e2f
SHA1

ce293ee96c8ae136848789fc6def72ddb6846b1e
SHA256

f7df2385d8f3ce56e5590576c81d47fbacb11fdc78fd7927a19f66c9d4bf7da9
SHA512

428b70b64cc193a0e7e3f9d08d59d36c349b17e65348706f8ea084bade9409ee496b96d5a060952209299e9d867194441d06cb79d194941b4edb33d8cfc01d5f
SSDEEP

3072:TJwpS2NACV4qAbypuljJGnJYoTjqETdtbsnOfFwXVa/eSbVjYJBaXM6ENeHnaHr:TJwpYVNcn3pTdNe+WXViBjBNH6

Score

10^/10

0 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7df2385d8f3ce56e5590576c81d47fbacb11fdc78fd7927a19f66c9d4bf7da9.exe

Files

f7df2385d8f3ce56e5590576c81d47fbacb11fdc78fd7927a19f66c9d4bf7da9.exe
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ