cobaltstrike | d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f

General

Target

d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
Size

14KB
MD5

d858585aeb5cd81c1e343f0b6b8fc8a5
SHA1

2327d5d2462763289c7a2b45756dae13ef6e9dfa
SHA256

d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f
SHA512

6106abc688812fce465a3a3ffefd751c03b884100b3143d3c48c2e2f73f1aa2f6d48c6dd274eb175782f63f96aab0e7dd70649334c668e18859bae7f4ba91d29

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://47.93.63.179:2224/5ipO

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENAU)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe

description	pid	process
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
PID 2720 wrote to memory of 0	2720	d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe

C:\Users\Admin\AppData\Local\Temp\d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe
"C:\Users\Admin\AppData\Local\Temp\d812838222fd0d9a617d15d458b450e054515591156928f5c31dfa0db220a01f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2720-117-0x000001F1F80A0000-0x000001F1F80A1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads