cobaltstrike | f3c71a174b27c32f0df3889c1e310ddd6454143abb0a8ca79cc8f2e319231290

Analysis

max time kernel
124s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 21:27

Target

f3c71a174b27c32f0df3889c1e310ddd6454143abb0a8ca79cc8f2e319231290.exe
Size

1.9MB
MD5

9da1fa81149151dd5c1c2bcfc1d4747a
SHA1

d38710604ee2ee4cfcf93c68b349287cea58b3dc
SHA256

f3c71a174b27c32f0df3889c1e310ddd6454143abb0a8ca79cc8f2e319231290
SHA512

7a580b4c69a02a68ca005bb6f7ab02a37ddf8ba7df1110565d270a8a1eec602aa1e6cc39327c3e38bfc82c413c60ea2808727367f4481d1acd353584784ae7f4
SSDEEP

24576:LdNX32QPrd6NjBrYNMPIRCaF/Rmvavt7N/K4CcS/oFuQreZGU:pp3zPrUjO+CIMLO2uweZG

Score

10^/10

Family

cobaltstrike

http://43.154.43.245:28880/H1ou

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MATBJS)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\f3c71a174b27c32f0df3889c1e310ddd6454143abb0a8ca79cc8f2e319231290.exe
"C:\Users\Admin\AppData\Local\Temp\f3c71a174b27c32f0df3889c1e310ddd6454143abb0a8ca79cc8f2e319231290.exe"
1⤵
PID:4044

memory/4044-0-0x000001E607670000-0x000001E607671000-memory.dmp

Filesize
4KB

Download