cobaltstrike | 0d1fbb35e0a41955bb9e49e3e765be71121a661ba0b374c5e352be5a87639240 | Triage

Analysis

max time kernel
11s
max time network
150s
platform
windows10_x64
resource
win10v20210410
submitted
05-05-2021 08:05

Sharing

Report Analysis Logs

General

Target

b5d2585a_by_Libranalysis.exe
Size

72KB
MD5

b5d2585a9d50e788a37d6700ed8133cf
SHA1

c6617ceea2106f76078c195a4a86cb7e6fc31507
SHA256

0d1fbb35e0a41955bb9e49e3e765be71121a661ba0b374c5e352be5a87639240
SHA512

70e05be3e01dc7d779f9a8313efc256af5c0819acc1d3b7d0247767ed85fa4f40aa641bf1ebc366310557e88bd9bc25144c5f9a2c8180f58ebc91a44c1d5b6e5

Score

10^/10

cobaltstrike metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

13.59.15.185:16297

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

C:\Users\Admin\AppData\Local\Temp\b5d2585a_by_Libranalysis.exe
"C:\Users\Admin\AppData\Local\Temp\b5d2585a_by_Libranalysis.exe"
1⤵
PID:1968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1968-114-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download
memory/1968-115-0x0000000000460000-0x000000000048B000-memory.dmp

Filesize
172KB

Download
memory/1968-116-0x00000000004C0000-0x000000000056E000-memory.dmp

Filesize
696KB

Download
memory/1968-117-0x0000000000980000-0x00000000009DF000-memory.dmp

Filesize
380KB

Download
memory/1968-118-0x00000000004C0000-0x000000000056E000-memory.dmp

Filesize
696KB

Download