cobaltstrike | 339c7ac759b7ef0ab8e2a9434f53fcd212786575b08b4b41687ab10fdcf2c502 | Triage

Analysis

max time kernel
31s
max time network
32s
platform
windows7_x64
resource
win7v20210408
submitted
07-05-2021 10:14

Sharing

Report Analysis Logs

General

Target

339c7ac759b7ef0ab8e2a9434f53fcd212786575b08b4b41687ab10fdcf2c502.exe
Size

17KB
MD5

60a1bfe619b2dc1cec9f3f61762255f4
SHA1

0c71506f28da58c9c90a0008eafae21309f729b7
SHA256

339c7ac759b7ef0ab8e2a9434f53fcd212786575b08b4b41687ab10fdcf2c502
SHA512

1bbeddebc065360a49b0cea2a0e876a6237baca850cb75f73ee94fb6c37858c0c2f1274fe9a5a4ee2a8e739a3385d389ba702130a8dea98adde4043820bc926c

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://95.181.157.170:80/uNIQ

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\339c7ac759b7ef0ab8e2a9434f53fcd212786575b08b4b41687ab10fdcf2c502.exe
"C:\Users\Admin\AppData\Local\Temp\339c7ac759b7ef0ab8e2a9434f53fcd212786575b08b4b41687ab10fdcf2c502.exe"
1⤵
PID:1768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1768-60-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1768-61-0x000007FEFC251000-0x000007FEFC253000-memory.dmp

Filesize
8KB

Download