cobaltstrike | fb73d38fe273961e0bfb618ed21b9150f250fadf093118f247925692619547cb | Triage

Submit
Reports

Overview

overview

Static

static

1

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23-03-2023 23:04

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20230220-en

cobaltstrike backdoor trojan

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20230220-en

cobaltstrike backdoor trojan

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

tmp.exe
Size

153KB
MD5

1169d488346b8de569e52cb184b9131e
SHA1

e8cc0000b323d65d2a61d8d3d3e0a006ea7a63b3
SHA256

fb73d38fe273961e0bfb618ed21b9150f250fadf093118f247925692619547cb
SHA512

79f1b2d1e0c1b7e4bd3673d030d014432c1c788e8c0f90f711d2bfec1e71224e38de8fe09028fb19219467aa816fef8e56e7f8ea17e64cc34e73ce403db85042
SSDEEP

3072:+4Ri4MxDERjtKurTmlwJ6V9DwiulUAZRdVU1cmuT:JRYxgnKwQwJ2DtuaklT

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://naporiz.com:443/image-directory/admin.gif

Attributes

user_agent
Host: taobao.com Connection: close Accept: */* Accept-Language: fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
PID:3676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3676-133-0x000002085D3D0000-0x000002085D3D2000-memory.dmp

Filesize
8KB

Download

© 2018-2024

Terms | Privacy