cobaltstrike | 63da25e6ea4e41d9f6609be79e6d20046b9c04f0e75e85ef97b6f9e0fa11358f

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
26/08/2023, 15:40

Target

63da25e6ea4e41d9f6609be79e6d20046b9c04f0e75e85ef97b6f9e0fa11358f.exe
Size

19KB
MD5

6219d9d54c971f243a7f8c78989bfc6c
SHA1

7c47486e3affea669700a1aa113ac1bc5c4aeab9
SHA256

63da25e6ea4e41d9f6609be79e6d20046b9c04f0e75e85ef97b6f9e0fa11358f
SHA512

c62a293f01e2089e028bc3110c1be42404da76a0d8138ed65d1251644f6d5e4533b07deab54949bb48fbfc4f05e16bea85178d15ae86c245512efcb039a5e4bf
SSDEEP

192:DV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2ifWF8qa1Dojjgi:tqaCF31cix+Dc4zjGFF46gi

Score

10^/10

Family

cobaltstrike

http://172.30.16.236:811/vVFK

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; yie9)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\63da25e6ea4e41d9f6609be79e6d20046b9c04f0e75e85ef97b6f9e0fa11358f.exe
"C:\Users\Admin\AppData\Local\Temp\63da25e6ea4e41d9f6609be79e6d20046b9c04f0e75e85ef97b6f9e0fa11358f.exe"
1⤵
PID:4460

memory/4460-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/4460-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download