cobaltstrike | 6e86102038cd3b97d5597a77aa4b585c5df9c9550129fd829d9938cd1bf37579

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22-02-2024 07:35

Target

6e86102038cd3b97d5597a77aa4b585c5df9c9550129fd829d9938cd1bf37579.exe
Size

19KB
MD5

24fd21f100831efb3b3d3d22d56a6ca8
SHA1

db2cadad87ae99ec840e3caaa61604f0504ef386
SHA256

6e86102038cd3b97d5597a77aa4b585c5df9c9550129fd829d9938cd1bf37579
SHA512

b049ff1438ad4cca1748268e161008d0c9721dbc3f3c1fa7f3465127141e03caa2a03372902c8b542b9d6d04702aeeffef42ed3bf519429d999ac51acbcef28c
SSDEEP

192:pV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2nvNpWF8qa1Dojjgi:LqaCF31cix+Dc4zjiV0FF46gi

Score

10^/10

Family

cobaltstrike

http://192.168.40.131:8888/y6lB

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\6e86102038cd3b97d5597a77aa4b585c5df9c9550129fd829d9938cd1bf37579.exe
"C:\Users\Admin\AppData\Local\Temp\6e86102038cd3b97d5597a77aa4b585c5df9c9550129fd829d9938cd1bf37579.exe"
1⤵
PID:2588

memory/2588-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2588-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download