cobaltstrike | a0d8a2af045f1d19f26ac6804895bda701d6b86ec5f3ad27978437547d40da29

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
26/08/2023, 15:07

Target

a0d8a2af045f1d19f26ac6804895bda701d6b86ec5f3ad27978437547d40da29_JC.exe
Size

17KB
MD5

2bbe72df499889632d0eb4fe58768f2b
SHA1

cb0a0dd3b5644a98d3f3ae249c5c02dccc5c2548
SHA256

a0d8a2af045f1d19f26ac6804895bda701d6b86ec5f3ad27978437547d40da29
SHA512

0147b246f0b48eb5f22aa14aeaeff08b8e14391308089026809bdc2532a96336b045eca5147a57147363f49f082fe9d313403fb4216912080e99222ee08bfccd
SSDEEP

192:kDMAe4Ckj19RZZ6wpSfu1bKcq5uHj7khBDSeKNH45i/qntBUbOj6kxiY:kDMAoKz6WtKEj7aBDi0i/qntbAY

Score

10^/10

Family

cobaltstrike

http://81.69.249.203:10087/6Kwe

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\a0d8a2af045f1d19f26ac6804895bda701d6b86ec5f3ad27978437547d40da29_JC.exe
"C:\Users\Admin\AppData\Local\Temp\a0d8a2af045f1d19f26ac6804895bda701d6b86ec5f3ad27978437547d40da29_JC.exe"
1⤵
PID:1052

memory/1052-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1052-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download