cobaltstrike | 5a05c9d73e329488a78cbe024bc68ba789c91a365b1cc4ace0ae9afa9ceebd84

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2023, 02:49

Target

5a05c9d73e329488a78cbe024bc68ba789c91a365b1cc4ace0ae9afa9ceebd84.exe
Size

22KB
MD5

1fbe90d1d94ad78b9eb51bd8980d1e10
SHA1

b90ce28e78ed22b2983ef5f642dc6fc61252e5c2
SHA256

5a05c9d73e329488a78cbe024bc68ba789c91a365b1cc4ace0ae9afa9ceebd84
SHA512

b505613703ac3a977b79390374c3afe1f52285a71a36c3fd0d76814aa873035c27ad265072039321b6bceeb88431cb0d10be297a777ffec65f0f4a9c9780f270
SSDEEP

384:aN2VpniSLCOFrx4iYZ8vYc/Y9fAKgLyDo6XGhN6:P5COvBY9qY94KpE6g

Score

10^/10

Family

cobaltstrike

http://54.206.88.82:443/favicon2.ico

Attributes

user_agent
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 User-Agent: Opera/9.80 (Windows NT 6.1; U; zh-cn) Presto/2.9.168 Version/11.50

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\5a05c9d73e329488a78cbe024bc68ba789c91a365b1cc4ace0ae9afa9ceebd84.exe
"C:\Users\Admin\AppData\Local\Temp\5a05c9d73e329488a78cbe024bc68ba789c91a365b1cc4ace0ae9afa9ceebd84.exe"
1⤵
PID:1912

memory/1912-0-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/1912-6-0x00000000007C0000-0x0000000000820000-memory.dmp

Filesize
384KB

Download