cobaltstrike | 95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6

General

Target

95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
Size

14KB
MD5

bb1a50f93719f9e557452c7a8956cfb8
SHA1

d7686843adbfdf9cf5a6435460b9eee10fca306f
SHA256

95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6
SHA512

e4e98aae8d0cfb0e3941bcea8b2e656e52d974269d05b57330cf95a787b883bb1bed7b467207106bc4c166c132f1c20f042602d92501067ec7d35be57db61825

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://47.93.63.179:2224/5ipO

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENAU)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe

description	pid	process
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
PID 1660 wrote to memory of 0	1660	95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe

C:\Users\Admin\AppData\Local\Temp\95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe
"C:\Users\Admin\AppData\Local\Temp\95d504c99f7a810bbbc5b7bf92362a777e0f3210feb7bb8dff9ff72266f09db6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1660-55-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/1660-56-0x000007FEFC031000-0x000007FEFC033000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads