cobaltstrike | a0601c0548f57c9cd1aa2b460ce318ac1540befed6061803d741db13ce86d841 | Triage

Submit
Reports

Overview

overview

Static

static

1

a0601c0548...41.exe

windows7-x64

a0601c0548...41.exe

windows10-2004-x64

Analysis

max time kernel
145s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
13/11/2023, 19:52

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

a0601c0548f57c9cd1aa2b460ce318ac1540befed6061803d741db13ce86d841.exe

Resource

win7-20231020-en

cobaltstrike metasploit backdoor trojan

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

a0601c0548f57c9cd1aa2b460ce318ac1540befed6061803d741db13ce86d841.exe

Resource

win10v2004-20231020-en

cobaltstrike metasploit backdoor trojan

windows10-2004-x64

2 signatures

150 seconds

Report Analysis Logs

General

Target

a0601c0548f57c9cd1aa2b460ce318ac1540befed6061803d741db13ce86d841.exe
Size

56KB
MD5

e6d19989b79493f1ccd2dbc2f60d494e
SHA1

c32c6113ac0328198d8a45a404e7f27fc290abe9
SHA256

a0601c0548f57c9cd1aa2b460ce318ac1540befed6061803d741db13ce86d841
SHA512

b77ac5642875e79bd8e429b984988418da4585554e63e28b3368c35bfc225049a1a861f769b9a001963b1cf081e238126f6dd1abe9d8b59ecdf8cbdc3d770da7
SSDEEP

768:Ihxk41RixVfKnbDoPdChKXGMkTrWl4790PGUS8Yi6ygeaAMxkE:IY97fKAdChWlkIm90+Ut74eYx

Score

10^/10

cobaltstrike metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://update.larver.top:65533/jquery-3.3.8.support.min.js

Attributes

headers Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2781.1 Safari/537.36

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Processes

C:\Users\Admin\AppData\Local\Temp\a0601c0548f57c9cd1aa2b460ce318ac1540befed6061803d741db13ce86d841.exe
"C:\Users\Admin\AppData\Local\Temp\a0601c0548f57c9cd1aa2b460ce318ac1540befed6061803d741db13ce86d841.exe"
1⤵
PID:3232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3232-0-0x0000000001220000-0x0000000001222000-memory.dmp

Filesize
8KB

Download
memory/3232-1-0x0000000003BE0000-0x0000000004052000-memory.dmp

Filesize
4.4MB

Download
memory/3232-2-0x00000000037E0000-0x0000000003BE0000-memory.dmp

Filesize
4.0MB

Download
memory/3232-3-0x0000000003B70000-0x0000000003B72000-memory.dmp

Filesize
8KB

Download

© 2018-2025

Terms | Privacy