cobaltstrike | 757ecb1a43db6d18e1c1797157cdb5253baeb32d8c94adae7b20bd5266ec1f9b | Triage

Submit
Reports

Overview

overview

Static

static

1b780b4355...1b.exe

windows7-x64

1b780b4355...1b.exe

windows10-2004-x64

Analysis

max time kernel
153s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-09-2022 03:01

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

1b780b4355cccc3c0f850bba1486db1b.exe

Resource

win7-20220812-en

cobaltstrike metasploit backdoor trojan

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

1b780b4355cccc3c0f850bba1486db1b.exe

Resource

win10v2004-20220812-en

cobaltstrike metasploit backdoor trojan

windows10-2004-x64

2 signatures

150 seconds

Report Analysis Logs

General

Target

1b780b4355cccc3c0f850bba1486db1b.exe
Size

195KB
MD5

1b780b4355cccc3c0f850bba1486db1b
SHA1

65305aeacf482d9495b68eec61c1ef64e9b0446c
SHA256

757ecb1a43db6d18e1c1797157cdb5253baeb32d8c94adae7b20bd5266ec1f9b
SHA512

d440e834312704b65409f4f551d34f523009ad0a1371c3687c9f8e41a5aa30212a08a931161a6a1a2818ee3ed33f68c4fe0e272c232366f333f7dabd8c450654
SSDEEP

3072:dryEFdApaWVzPCWdEcCb6Xc8F9u7CC/CaFwT8FJ2AB2O9D5pZa9uD6Vdyhk7:FRFdAUEzPib4tF9EDCam2BXnwVf7

Score

10^/10

cobaltstrike metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

188.119.112.85:443

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Processes

C:\Users\Admin\AppData\Local\Temp\1b780b4355cccc3c0f850bba1486db1b.exe
"C:\Users\Admin\AppData\Local\Temp\1b780b4355cccc3c0f850bba1486db1b.exe"
1⤵
PID:3068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3068-132-0x00000000004CE000-0x00000000004DE000-memory.dmp

Filesize
64KB

Download
memory/3068-133-0x00000000021E0000-0x00000000021F3000-memory.dmp

Filesize
76KB

Download
memory/3068-134-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/3068-135-0x0000000002210000-0x000000000223B000-memory.dmp

Filesize
172KB

Download
memory/3068-136-0x0000000002240000-0x0000000002271000-memory.dmp

Filesize
196KB

Download
memory/3068-138-0x0000000002800000-0x0000000002900000-memory.dmp

Filesize
1024KB

Download
memory/3068-139-0x00000000022F0000-0x000000000234F000-memory.dmp

Filesize
380KB

Download
memory/3068-141-0x0000000002800000-0x0000000002900000-memory.dmp

Filesize
1024KB

Download
memory/3068-142-0x0000000002280000-0x00000000022A0000-memory.dmp

Filesize
128KB

Download
memory/3068-143-0x0000000002240000-0x0000000002271000-memory.dmp

Filesize
196KB

Download
memory/3068-144-0x0000000002800000-0x0000000002900000-memory.dmp

Filesize
1024KB

Download
memory/3068-145-0x0000000002800000-0x0000000002900000-memory.dmp

Filesize
1024KB

Download

© 2018-2024

Terms | Privacy