cobaltstrike | a5d3b9b6a9d54b9df6a49c9897ae3be77e32641918f72c50b981f09608794ee3

Analysis

max time kernel
142s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2023, 11:12

Target

a5d3b9b6a9d54b9df6a49c9897ae3be77e32641918f72c50b981f09608794ee3.exe
Size

6.2MB
MD5

7e21cf20651a73c27fa14868c91483af
SHA1

b62f66d2a4b32324ee62b278bae553263ea6db7b
SHA256

a5d3b9b6a9d54b9df6a49c9897ae3be77e32641918f72c50b981f09608794ee3
SHA512

4a7d95399ba765e520c6ee4a48376d589ebba499cd0042367694cdf5e7fbf7b6594c345eda6d9d4f8e8e0331554105b39ece611b431d4942952a2b94bc65f043
SSDEEP

98304:b6/Vqlrcw+CJWqpC2h4MtK5qg5l5yATE:eVqtx+CFpyyT

Score

10^/10

Family

cobaltstrike

http://192.168.1.145:8088/Restrict/v8.12/RTFSPGTO

Attributes

user_agent
Accept: image/*, application/xhtml+xml, text/html Accept-Language: mt Accept-Encoding: *, gzip User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\a5d3b9b6a9d54b9df6a49c9897ae3be77e32641918f72c50b981f09608794ee3.exe
"C:\Users\Admin\AppData\Local\Temp\a5d3b9b6a9d54b9df6a49c9897ae3be77e32641918f72c50b981f09608794ee3.exe"
1⤵
PID:564

memory/564-0-0x000001F232360000-0x000001F232361000-memory.dmp

Filesize
4KB

Download