cobaltstrike | 26e8b9536222b4f400694c773394b5fa6edef2091e96dc9547d8b8e2e05beb60

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-03-2024 09:57

Target

26e8b9536222b4f400694c773394b5fa6edef2091e96dc9547d8b8e2e05beb60.exe
Size

19KB
MD5

7aebc172ba47234c5e8b850136a59c04
SHA1

e1be13d8c1280694c170845d219cc81d70500f98
SHA256

26e8b9536222b4f400694c773394b5fa6edef2091e96dc9547d8b8e2e05beb60
SHA512

045caaccb2e050da95edf57bdc15a3902e4af3f53a247b77678af2363dbc7d1ae5eab7c106876d9da13776dfce37cf776c04640b384eadff037d85ebb3851be2
SSDEEP

192:fV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2OosOQoWF8qa1Dojjgi:ZqaCF31cix+Dc4zjIsOQdFF46gi

Score

10^/10

Family

cobaltstrike

http://192.168.20.130:29000/Meeting/pEYQtxsRP8RIsD2/

Attributes

user_agent
Host: 192.168.20.130 Accept: */* Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 Edg/80.0.361.66

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\26e8b9536222b4f400694c773394b5fa6edef2091e96dc9547d8b8e2e05beb60.exe
"C:\Users\Admin\AppData\Local\Temp\26e8b9536222b4f400694c773394b5fa6edef2091e96dc9547d8b8e2e05beb60.exe"
1⤵
PID:1252

memory/1252-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1252-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download