cobaltstrike | 0b5843080e2a062cde9f5a4220d40a4604d664757adeba28b1b8df311daae937

Analysis

max time kernel
142s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
20-09-2023 10:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b5843080e2a062cde9f5a4220d40a4604d664757adeba28b1b8df311daae937.exe
Size

342KB
MD5

76452f7e2d6c4d157dad6963d078990e
SHA1

839868abc0813555cafc78c9e5829915baeec986
SHA256

0b5843080e2a062cde9f5a4220d40a4604d664757adeba28b1b8df311daae937
SHA512

68fc22589f442fef85c5c6f953992a8f51455d8735ef3fec6589eabab13889e7ab6bccc7b679a7f4334fda68d8e8e4d97985668ff7450241059da4de41e68021
SSDEEP

6144:3yFTOnWYkjI+vQnhMINvh9LFUevWsXm2sOoh48vvvvPvBqnSxQwkFk:3oTOWY8Qn28tFzo4SCwyk

Score

10^/10

cobaltstrike 100000 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

Attributes

beacon_type
512
http_header1
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
pipe_name
\\.\pipe\4a752176a9a74fe098048dba200a5bf6
polling_time
10000
port_number
4444
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCSAj4+QAAGFW/w4165Jsu5jjWfTxklcMTrw5I9MyComrznseEQBhvjhSy3R5hFwX2C6XenT+fHN722ch6IZhDgXaMnVjfm2eZBRptFfZ+l4YcjdZo0lunaiNBlcMv+IsfVGd3RvSyBa6cuiNODLZlK1U+W+slnOAbKBkeWrlisBQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
watermark
100000

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\0b5843080e2a062cde9f5a4220d40a4604d664757adeba28b1b8df311daae937.exe
"C:\Users\Admin\AppData\Local\Temp\0b5843080e2a062cde9f5a4220d40a4604d664757adeba28b1b8df311daae937.exe"
1⤵
PID:1888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1888-0-0x00000294C8630000-0x00000294C86B0000-memory.dmp

Filesize
512KB

Download
memory/1888-1-0x00000294C86B0000-0x00000294C8840000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads