cobaltstrike | 34e44036ffb7d1681428bafb62a28fa844dbcb7fad9c79fda98a20f25de94112 | Triage

Submit
Reports

Overview

overview

Static

static

3

Ali_x64.exe

windows7-x64

Ali_x64.exe

windows10-2004-x64

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 19:49

Sharing

Copy URL Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Ali_x64.exe

Resource

win7-20231215-en

cobaltstrike backdoor trojan

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

Ali_x64.exe

Resource

win10v2004-20231222-en

cobaltstrike backdoor trojan

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

Ali_x64.exe
Size

19KB
MD5

3111f225c10f35464bd4f944683a00c8
SHA1

9fd2700467f3a55dd16446da06ff9aec2d26ce84
SHA256

34e44036ffb7d1681428bafb62a28fa844dbcb7fad9c79fda98a20f25de94112
SHA512

35cb4b962e42af825f9ef19bbe94b205b5c35461054a1932b663309bcf92652e08c9876c4be22c8c51cec12a08e13df44f702de20e9cb113b59d692437cc8f36
SSDEEP

192:cV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2W5XZ0EtpWF8qa1Dojjgi:+qaCF31cix+Dc4zjb5Xdt0FF46gi

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://47.252.17.61:8080/w4hJ

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\Ali_x64.exe
"C:\Users\Admin\AppData\Local\Temp\Ali_x64.exe"
1⤵
PID:2216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2216-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2216-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

© 2018-2025

Terms | Privacy