cobaltstrike | 950008035d225dd5f4c3a229082f1206eb9bce8c4aa4822b130db065da54e224 | Triage

Analysis

max time kernel
133s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
17-03-2022 16:19

Sharing

Report Analysis Logs

General

Target

tool.exe
Size

366KB
MD5

518d125bb64a8f8dc8b94054daf5e6df
SHA1

549735f585590452985451faf8ab1e6f22903abf
SHA256

950008035d225dd5f4c3a229082f1206eb9bce8c4aa4822b130db065da54e224
SHA512

59ba254d3f7a37a760d709807de28b1b99bb0f92304e2177e67c30ca24b7fc4428608d392513706e663a49449f065c3719e318ddc7752d414441fe2895b1cb89

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

CobaltStrike 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2608-132-0x0000000002120000-0x0000000002153000-memory.dmp	CobaltStrike
behavioral1/memory/2608-133-0x00000000024E0000-0x000000000251D000-memory.dmp	CobaltStrike

C:\Users\Admin\AppData\Local\Temp\tool.exe
"C:\Users\Admin\AppData\Local\Temp\tool.exe"
1⤵
PID:2608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2608-130-0x0000000002080000-0x00000000020C7000-memory.dmp

Filesize
284KB

Download
memory/2608-131-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/2608-132-0x0000000002120000-0x0000000002153000-memory.dmp

Filesize
204KB

Download
memory/2608-133-0x00000000024E0000-0x000000000251D000-memory.dmp

Filesize
244KB

Download