cobaltstrike | 1b12a4fbc41eba03bd430a77f2afad8ca06d4676d7970a7e61a868069bb3ae41 | Triage

Analysis

max time kernel
28s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
24-03-2023 13:34

Sharing

Report Analysis Logs

General

Target

nccu_https.exe
Size

1.3MB
MD5

85750b5a758a95e1414666a787555225
SHA1

5d49b767031f39dd08bd0837d28881f79420a775
SHA256

1b12a4fbc41eba03bd430a77f2afad8ca06d4676d7970a7e61a868069bb3ae41
SHA512

e2594d13e308bf18f6ec07a7ba058c12eafdc41605e93bc2d90f0b4a4c4db2c29689e2fba9c340e841dd64ec86e40a82e63eefcfbdfbd0ffe1e4e6695a7e598d
SSDEEP

24576:Ds0hsXS5iccj3CR+NZ7frTMNjx5/PX5s0gl+W:DzP5k3DM/h5s0gl+W

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://198.52.127.146:21988/understand/tips/GMY0TY2G

Attributes

user_agent
Accept: application/xml, image/*, text/html Accept-Language: ca Accept-Encoding: *, br User-Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\nccu_https.exe
"C:\Users\Admin\AppData\Local\Temp\nccu_https.exe"
1⤵
PID:2032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2032-54-0x00000000279E0000-0x00000000279E1000-memory.dmp

Filesize
4KB

Download
memory/2032-72-0x0000000029460000-0x0000000029860000-memory.dmp

Filesize
4.0MB

Download