cobaltstrike | f6c50b717e9436da8c11b00c69c72247908faa135d5a84ced2ac9198f45eb741

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
07/10/2023, 14:09 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.f6c50b717e9436da8c11b00c69c72247908faa135d5a84ced2ac9198f45eb741_JC.exe
Size

19KB
MD5

e7715055ced402cccffcd4cfbf653016
SHA1

fa8caa6bd5b7143cd7bfaec60058c69d0a2df064
SHA256

f6c50b717e9436da8c11b00c69c72247908faa135d5a84ced2ac9198f45eb741
SHA512

f9c983c0f4c7d8b92e225d68fbab11fdb527d48ad9e9f6ed42f9adcfcc0d397b074f24f245f249bf294bdf995cd7506acd0127604a4fd694dc9929fdde9a5a80
SSDEEP

192:wV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2PVCdiJWF8qa1Dojjgi:SqaCF31cix+Dc4zje+bFF46gi

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

http://192.168.4.130:80/1ymF

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.1)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\NEAS.f6c50b717e9436da8c11b00c69c72247908faa135d5a84ced2ac9198f45eb741_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.f6c50b717e9436da8c11b00c69c72247908faa135d5a84ced2ac9198f45eb741_JC.exe"
1⤵
PID:4920

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

68.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.159.190.20.in-addr.arpa

IN PTR

Response
DNS

126.20.238.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

126.20.238.8.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

2.136.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.136.104.51.in-addr.arpa

IN PTR

Response
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

54.120.234.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

54.120.234.20.in-addr.arpa

IN PTR

Response
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR

Response
DNS

38.148.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

38.148.119.40.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

126.22.238.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

126.22.238.8.in-addr.arpa

IN PTR

Response
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response

192.168.4.130:80

NEAS.f6c50b717e9436da8c11b00c69c72247908faa135d5a84ced2ac9198f45eb741_JC.exe

260 B
5
192.168.4.130:80

NEAS.f6c50b717e9436da8c11b00c69c72247908faa135d5a84ced2ac9198f45eb741_JC.exe

260 B
5
192.168.4.130:80

NEAS.f6c50b717e9436da8c11b00c69c72247908faa135d5a84ced2ac9198f45eb741_JC.exe

260 B
5
192.168.4.130:80

NEAS.f6c50b717e9436da8c11b00c69c72247908faa135d5a84ced2ac9198f45eb741_JC.exe

260 B
5
192.168.4.130:80

NEAS.f6c50b717e9436da8c11b00c69c72247908faa135d5a84ced2ac9198f45eb741_JC.exe

260 B
5
192.168.4.130:80

NEAS.f6c50b717e9436da8c11b00c69c72247908faa135d5a84ced2ac9198f45eb741_JC.exe

260 B
5
192.168.4.130:80

NEAS.f6c50b717e9436da8c11b00c69c72247908faa135d5a84ced2ac9198f45eb741_JC.exe

260 B
5
192.168.4.130:80

NEAS.f6c50b717e9436da8c11b00c69c72247908faa135d5a84ced2ac9198f45eb741_JC.exe

104 B
2

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

68.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

68.159.190.20.in-addr.arpa
8.8.8.8:53

126.20.238.8.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

126.20.238.8.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

2.136.104.51.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.136.104.51.in-addr.arpa
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

54.120.234.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

54.120.234.20.in-addr.arpa
8.8.8.8:53

146.78.124.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

146.78.124.51.in-addr.arpa
8.8.8.8:53

38.148.119.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

38.148.119.40.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

126.22.238.8.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

126.22.238.8.in-addr.arpa
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

48.229.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4920-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/4920-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.