cobaltstrike | 84cef0aed269e6213bfa213d95a3db625bcdde130f33bf4227436985e4473252 | Triage

Resubmissions

25-03-2021 14:02

210325-6mt4xffj46 10

08-03-2021 01:58

210308-r9csy6wkvx 10

26-02-2021 11:00

210226-9h1pkd739a 10

Analysis

max time kernel
30s
max time network
31s
platform
windows7_x64
resource
win7v20201028
submitted
08-03-2021 01:58

Sharing

Report Analysis Logs

General

Target

Employee-Bonus.exe
Size

97KB
MD5

b2a682b8fe731d3c9a97b8fbf1cd84ae
SHA1

ebbbbeadbfcff24fd604167a628cf12ab2bb9c6c
SHA256

84cef0aed269e6213bfa213d95a3db625bcdde130f33bf4227436985e4473252
SHA512

6aa9246f88e398d1167126e88c90fc5a4049d7361ec4853abd1094d667ba0be42964190f17c0b40615856d44724989439c2d9fb53cbd2b69b135832d8e8522f2

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Version

windows/download_exec

C2

http://jumpbill.com:443/image-directory/eso.jpg

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\Employee-Bonus.exe
"C:\Users\Admin\AppData\Local\Temp\Employee-Bonus.exe"
1⤵
PID:384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/384-2-0x0000000000070000-0x0000000000071000-memory.dmp

Filesize
4KB

Download
memory/1436-3-0x000007FEF7300000-0x000007FEF757A000-memory.dmp

Filesize
2.5MB

Download